Versa Global ZTP Self-Service

Portal User Guide

v 1.4

28th April 2024

General Disclaimer

Although Versa Networks has attempted to provide accurate information in this guide, Versa Networks does

not warrant or guarantee the accuracy of the information provided herein. Versa Networks may change the

programs or products mentioned at any time without prior notice. Mention of non-Versa Networks products

or services is for information purposes only and constitutes neither an endorsement nor a recommendation

of such products or services or of any company that develops or sells such products or services.

ALL INFORMATION PROVIDED IN THIS DOCUMENT IS PROVIDED “AS IS”, WITH ALL FAULTS, AND WITHOUT

WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED OR STATUTORY. VERSA NETWORKS AND ITS

SUPPLIERS HEREBY DISCLAIM ALL WARRANTIES RELATED TO THIS GUIDE AND THE INFORMATION CONTAINED

HEREIN, WHETHER EXPRESSED OR IMPLIED OR STATUTORY INCLUDING, WITHOUT LIMITATION, THOSE OF

MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON--INFRINGEMENT, OR ARISING FROM A

COURSE OF DEALING, USAGE, OR TRADE PRACTICE.

VERSA NETWORKS AND ITS SUPPLIERS SHALL NOT BE LIABLE FOR ANY DIRECT, INDIRECT, SPECIAL,

CONSEQUENTIAL, OR INCIDENTAL DAMAGES INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR

REVENUES, COSTS OF REPLACEMENT GOODS OR SERVICES, LOSS OR DAMAGE TO DATA ARISING OUT OF THE

USE OF THE GUIDE OR ANY VERSA NETWORKS PRODUCT OR SERVICE, OR DAMAGES RESULTING FROM USE

OF OR RELIANCE ON THE INFORMATION PROVIDED IN THIS GUIDE, EVEN IF VERSA NETWORKS OR ITS

SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

Any Internet Protocol (IP) addresses and other information used in this document are not intended to be

actual addresses and phone numbers. Any examples, command display output, network topology diagrams,

and other figures included in the document are shown for illustrative purposes only. Any use of actual IP

addresses or phone numbers in illustrative content is unintentional and coincidental.

Many of Versa Networks products and services identified in this guide are provided with, and subject to,

written software licenses and limited warranties. Those licenses and warranties provide the purchasers of

those products with certain rights. Nothing in this guide shall be deemed to expand, alter, or modify any

warranty or license or any other agreement provided by Versa Networks with any Versa Networks product, or

to create any new or additional warranties or licenses.

3 
 
 
  
Copyright 2022 Versa Networks, Inc. All rights reserved  
 
Table of Contents 
1. Overview ....................................................................................................................................................................... 4 
2. Accessing the portal and Authentication ...................................................................................................................... 4 
3. Provisioning Infrastructure ........................................................................................................................................... 5 
Provisioning PSK Infrastructure ........................................................................................................................ 6 
Provisioning PKI Infrastructure ......................................................................................................................... 7 
4. Provisioning Device Serial Number ............................................................................................................................... 9 
Single Device Provisioning .............................................................................................................................. 10 
Multiple Devices Provisioning ......................................................................................................................... 12 
5. View Infrastructure ..................................................................................................................................................... 13 
PSK Infrastructure ........................................................................................................................................... 13 
PKI Infrastructure ............................................................................................................................................ 13 
6. View Devices ............................................................................................................................................................... 14 
PSK Devices ..................................................................................................................................................... 15 
PKI Devices ...................................................................................................................................................... 15 
7. Summary ..................................................................................................................................................................... 16 
8. Export Devices Data .................................................................................................................................................... 17 
9. RESTful APIs Support................................................................................................................................................... 17 
Operations Supported by REST APIs ............................................................................................................... 18 
Operations NOT Supported by REST APIs ....................................................................................................... 19 
Restrictions on RESTful APIs usage ................................................................................................................. 19 
10. Key Terms to Note ................................................................................................................................................. 19 
11. Known Issues and Limitations ............................................................................................................................... 20 
12. What’s NEW in this release? .................................................................................................................................. 20 
New Features .................................................................................................................................................. 20 
Enhancements and Bug Fixes ......................................................................................................................... 20 
13. Revision History ..................................................................................................................................................... 21 
 
   

1. Overview

The GZTP Self-Service Portal is designed to enable customers to provision/de-provision

infrastructure and/or devices on to the Global ZTP Platform hosted by Versa.

Note: Screenshots in this document are for representational purposes only.

2. Accessing the portal and Authentication

The GZTP Self-Service Portal can be accessed at https://gztp.versa-networks.com

Once accessed, the user is presented with a login screen as shown below.

The Portal is integrated with Versa's Identity Provider (IDP) and supports Single Sign On (SSO).

The user, having registered with any of the Versa platforms (such as support, docs portals),

uses the same username and password to login to the GZTP Self-Service portal.

Note: In case the user is not registered on any of the portals, please register your work email

using Versa support/docs portal.

Once logged in, the portal presents the Home Screen with the users’ email address and

Organization the user belongs to. It also presents various menu options as described as follows.

3. Provisioning Infrastructure

This menu option is used to provision the GZTP Infrastructure. From a Global ZTP perspective,

‘infrastructure’ relates to either PSK or PKI customer deployments. Presently, the portal

supports PSK based infrastructure provisioning.

0. Organization: displays the organization name (default) and any other previously provisioned

values*

1. Region: This is an alphanumeric free text field with Alphabets and Numbers as only valid

input. Typically, this is the value representing the location where the customers’ controller is

located. It is important to note that Organization and Region form a unique combination and

any value in Region field that violates this would be highlighted to the user and not accepted by

the portal.

2. Select Infrastructure type:

a. PSK Infrastructure: Select this radio button to provision PSK based infrastructure

before clicking on Continue.

b. PKI Infrastructure: Select this radio button to provision PKI based infrastructure

before clicking on Continue.

Note: Organization and Region have local significance on the Global ZTP Platform in terms of

unique identification only.

* From a backward compatibility perspective

3. On the next page, user must enter the parameters based on selected infrastructure type.

Provisioning PSK Infrastructure

The user enters PSK parameters. These relate to the customers’ controller:

a. Controller IP

b. Local Authentication ID

c. Remote Authentication ID

d. Local Authentication Key (If not provided it defaults to 1234)

e. Remote Authentication Key (If not provided it defaults to 1234)

f. Tenant ID (If not provided it defaults to 1)

Provisioning PKI Infrastructure

The user enters PKI parameters. These relate to the customers’ controller:

a. Controller1 IP: IP address of the Primary controller in customer network.

b. Controller2 IP: IP address of the Secondary/backup controller in customer network.

This is optional.

c. CA CERT URL: URL where customer hosted CA server is accessible for the customer’s

controller/branch device to fetch the certificate.

d. CA CERT IDENTITY: Identity to be used by customer hosted CA server.

4. Click on the Submit button. A Summary page will display a success or failure message.

Once the infrastructure is provisioned successfully, users can proceed with Provisioning Device

Serial Numbers.

4. Provisioning Device Serial Number

On Clicking this menu option, the portal displays the number of provisioned devices. Up to 200

devices may be provisioned. The remaining ‘balance’ is also displayed:

Note: if Balance remaining is 0, no further devices can be provisioned, and both the menu

options are greyed out.

After closing the following options are displayed:

1. Single Device: user can provision one device at a time

2. Multiple Devices: user can provision multiple devices

Single Device Provisioning

1. PSK Device Provisioning

The user is required to provide 3 inputs:

a. Organization: a drop-down menu and displays the organization name (default) and

any other previously provisioned values.

b. Region: a drop-down menu and displays ‘infrastructure’ values defined in an earlier

step for the selected Organization

c. Device Serial Number: a unique serial number that the customer wants to provision

on the Global ZTP Platform. This is a unique value across customers.

d. On clicking Submit, the portal attempts to provision the device serial number for the

provided Organization and Region combination selected above. In case of error, the

portal will display Error details on the summary page.

e. Please note that if post successful provisioning, the provisioned device count will be

incremented by 1.

2. PKI Device Provisioning

The user is required to provide 3 inputs:

a. Organization: a drop-down menu and displays the organization name (default) and

any other previously provisioned values

b. Region: a drop-down menu and displays ‘infrastructure’ values defined in an earlier

step for the selected Organization

c. Device Serial Number: a unique serial number that the customer wants to provision

on the Global ZTP Platform. This is a unique value across customers

d. Certificate Common Name: a unique common name mapped with serial number

that the customer wants to provision on the Global ZTP Platform. This is a unique

value across customers

e. Certificate Shared Key: a unique shared key used to authenticate the certificate for

serial number that the customer wants to provision on the Global ZTP Platform.

f. Certificate User ID: a unique User ID mapped with serial number that the customer

wants to provision on the Global ZTP Platform. This is a unique value across

customers.

g. On clicking Submit, the portal attempts to provision the device serial

number for the provided Organization and Region combination

selected above. In case of error, the portal will display Error details on

the summary page.

h. Please note that post successful provisioning, the provisioned device

count will be incremented by 1.

Multiple Devices Provisioning

On this page, the user needs to download the CSV format file by clicking on

button.

Once all the required details are completed in the CSV file, the user clicks on the Choose file

menu button and selects the updated CSV file. Once complete, click on the Submit button.

It takes the Device Serial Number, Organization and Region in that order as an input from the

file and attempts to provision each device serial number against each organization and region

combination.

On clicking Submit, the portal attempts to provision the devices for the provided Organization

and Region combination. In case of error, the portal will display Error details on the summary

page.

Note: This feature is currently available only for PSK based device provisioning only.

5. View Infrastructure

This menu option allows the user to view all the infrastructures provisioned on the Global ZTP

platform for their organization.

These are split between PSK and PKI Infrastructure types.

PSK Infrastructure

This provides a detailed view of the PSK Infrastructure/s provisioned under the organization.

This shows the PSK parameters and other details:

1. ORG REGION: Combination of organization and Region used to create the infrastructure

2. Controller IP: Controller IP address associated with this infrastructure

3. LOCAL AUTHENTICATION ID

4. REMOTE AUTHENTICATION ID

5. LOCAL AUTHENTICATION KEY

6. REMOTE AUTHENTICATION KEY

7. TENANT ID

PKI Infrastructure#

This provides a detailed view of the PKI Infrastructures provisioned under the customer

organization.

1. Controller1 IP: Primary-Controller IP address associated with this infrastructure.

2. Controller2 IP: Standby-Controller IP address associated with this infrastructure (if

provisioned).

3. CA CERT URL: URL where customer hosted CA server is accessible for the customer’s

controller/branch device to fetch the certificate.

4. CA CERT IDENTITY: Identity parameter to be used by controller/branch devices.

Note: Users can view all the infrastructure details configured only under their organization and

not from any other organization.

6. View Devices

This option allows the user to view all devices associated with the users’ organization.

There are two further options available:

1. PSK Devices: This option provides a summary of Device Serial Numbers associated with PSK

infrastructure.

2. PKI Devices: This option provides a summary of Device Serial Numbers associated with PKI

infrastructure.

Note: Users can only view device details provisioned under their organization.

PSK Devices

PKI Devices

Please refer to the screenshot for each numerical point listed below:

1. Displays the number of devices up to a maximum of 20 per page. Also displays the number

of devices associated with the users’ organization

2. Search facility based on device serial number

3. Display filter to view devices based on ‘Status’

4. Display device details associated with each serial number. Includes provisioning date;

expiration date; etc.

5. Ability to delete a device from the portal

6. Display the current status of the device. Statuses include:

a. Provisioned (P): the device is in a provisioned state on GZTP platform

b. Redirected (R): the device has contacted the GZTP platform and has been redirected

to the customers’ controller

c. Expired (E): the device has been deleted from the Global ZTP platform after expiry of

retention period (60 days from date of provisioning)

d. Failed (F): the device was not provisioned on the Global ZTP platform, however, has

been inserted in the portal database

7. Re-provision: This option is available to all devices that are either Redirected or Expired**

** - This option remains available only when the maximum device limit has not been breached.

If the limit is breached, RE-PROVISIONING button is greyed out.

Also, hovering mouse on this button shows how many more devices can be provisioned if the

button is not greyed out.

7. Summary

This menu option gives users a summary view of number of devices with their status against

each Infrastructure under their organization.

8. Export Devices Data

This is newly added menu option on this portal. This option allows user to download/export

device serial number data in CSV format with all details such as infrastructure name the device

is associated with, creation date, user ID of user who provisioned it. User can click on this menu

option to download the CSV data file.

9. RESTful APIs Support

The GZTP Self-service portal will also support RESTful APIs. Most of the current set of

operations supported by GZTP Self-service UI will also be supported by REST APIs.

The portal also contains the link to API documentation and is placed in the navigation bar.

1 shows the current deployed version of GZTP self-service portal on hover and clicking it takes

you to web version of user documentation.

2 is the link to the RESTful APIs documentation.

Operations Supported by REST APIs

 Login: This REST call will provide user an “access_token” post validating username and

password supplied, which will need to be used for all further RESTful operations. The

token is valid for period of 3599 seconds, post which user must obtain new token by

hitting the login endpoint.

 Create PSK infra: use this end point with required payload to create PSK infrastructure.

 View All PSK infra: user can view detailed list of all PSK based infrastructures

provisioned under user’s organization.

 Create PKI infra: use this end point with required payload to create PKI infrastructure.

 View All PKI infra: user can view detailed list of all PKI based infrastructures provisioned

under user’s organization.

 Add Device: this API endpoint is used for adding/deploying a new device workflow

under a specific infrastructure for PSK based infra.

 Add PKI Device: this API endpoint is used for adding/deploying a new device workflow

under a specific infrastructure for PKI based infra.

 View PSK devices: this endpoint gives the detailed list of devices provisioned

underuser’s organization and associated with PSK infrastructure.

 View PKI devices: this endpoint gives the detailed list of devices provisioned

underuser’s organization and associated with PKI infrastructure.

 Delete a device: user can delete a device under his/her organization by hitting this

endpoint.

 Check Balance: user can check number of devices that can be provisioned under their

organization.

Note: Please refer to the REST API documentation embedded in GZTP Self-Service portal for

details about each end point.

Operations NOT Supported by REST APIs

 Bulk provisioning of devices

 Export of device list

Restrictions on RESTful APIs usage

 The number of REST API calls is limited to 200 per hour for given organization.

10. Key Terms to Note

1. Maximum Provisioned Devices: customers are permitted a maximum of 200 devices in the

Provisioned status. It implies that these devices are ready to be boot-strapped/staged. The

portal keeps track of these counters and displays it to users, when provisioning a new

device. ##

Device provisioning is not permitted if the count of “Provisioned” devices reaches 200.

2. Device Retention Period: The period is equal to sixty (60) days. Any device in a provisioned

state for more than 60 days, is deleted from the Global ZTP Platform. However, for ease of

operations for customers, these devices would be retained on the GZTP Self-Service Portal.

3. Notification Emails: When the provisioned device/s approach the device retention period,

a reminder email is sent to the user/s with the device serial number(s). Users receive 3

email notifications (30 days, 15 days and 7 days prior to Device Retention Period

expiration). Users will also receive an email once the device is deleted from the Global ZTP

Platform. Please note that while device and related configuration is deleted from GZTP

Platform, the same would be available on GZTP Self-service portal and can be re-

provisioned with a single click.

## - for ease of operations and backward compatibility, Versa has provisioned all devices

already deployed on the GZTP platform even if the count exceeds 200 devices. However, such

customers are not allowed to provision new devices until the number of provisioned devices

comes below 200.

11. Known Issues and Limitations

1. Bulk provisioning support for PKI based infrastructure is not supported in this release.

12. What’s NEW in this release?

New Features

In this version of the portal, we have introduced following new feature/s.

# ID

Description

Support for provisioning of PKI based infrastructure and devices

Support for RESTful APIs for provisioning of PKI based infra and devices along with

its online documentation

Enhancements and Bug Fixes

None.

13. Revision History

Revision Number

Description

Date

1.0

First release

9th September 2022

1.1

Additional features like Summary, update to show

legends on devices listing pages, fix for frequent

logout issue and minor bug fixes

14th October 2022

1.2

Additional feature of Export Device Data related

documentation update

16th December 2022

1.3

Introduction of RESTful APIs

Minor bug fixes

24th July 2023

1.4

Support for provisioning of PKI infrastructure and

devices and related RESTful APIs

28th April 2024

Learn more at http://www.versa-networks.com and follow us on Twitter @versanetworks.