Device Redirect Service and Provisioning

Owned by Max Schwab (Unlicensed)
Last updated: Jun 28, 2022
3 min read

What is it?

The beroCloud Devices Redirect Service can be used to give a beroNet device tasks to do when it boots up, such as

  • automatically connect the beroNet device to a specific beroCloud account

  • Set a provisioning URL with a config that will be restored on start-up

  • Set a provisioning URL to connect via TLS with a config that will be restored on start-up

Prerequisites

  • The beroNet Gateway must have at least Firmware Version 20.03 installed. (rc-21-02rc123 for Provisioning over TLS)

  • The beroNet Gateway must have an Internet connection and must have a proper name-server configuration.

  • You can find the beroNet Cloud under http://berocloud.beronet.com

  • In your cloud account you must have at least one location to register

  • This feature requires a beroCloud Professional account in order to use the Redirect Service.

How it Works

When the beroNet SBC or Gateway boots up, it automatically sends an encrypted request to the beroCloud through a secure tunnel and checks if a task to execute has been issued. It checks the type of the task and will execute the task with the given parameters.

For security reasons you will need the complete serial number and the MAC-address of the device in order to create a device redirect task. You can find it on the sticker on the box or on the device itself or in the GUI → Management → Info.

  • Serial number example: 30-16-0000012345

  • MAC address example:  d1:df:2d:34:56:c1

Create a Device Redirect

Visit https://berocloud.beronet.com/ and go to Devices → Devices Redirect. 

Here you have an overview over all the existing tasks and you can create new ones by clicking on Create Device Redirect.

CloudConnect

You can connect the device directly to your beroCloud Account for further management of the device. There are no further parameters needed.

After you saved the device redirect, the specified device with the serial number and MAC-address will automatically get the information every time it boots up and will register to your cloud account.

Provisioning

You can set a Provisioning URL with your uploaded config. The config will be automatically downloaded and restored when the device has an internet connection, when the specified boots up.

The beroNet config file has to be in the .xml format.

Provisioning over TLS

The Provisioning-TLS combines the two services described previously: CloudConnect and Provisioning.

  • The device will be connected to beroCloud and a provisioning-URL will be set

beroCloud will generate a certificate for the beroNet Gateway to connect to the provided provisioning-URL via TLS and is therefore encrypted and authenticated. (This is useful if the provisioning server is outside of your Local Area Network)

The certificate will be signed by our own beroCloud Certificate Authority (CA), which makes authentification of the device possible.
Configuring the provisioning server in a way to only allow TLS connections with beroCloud signed certificates is recommended!

Please Note: the beroNet Gateway requires a Firmware Version 21.02-rc123 or higher

Please Note: the provisioning server key must be signed by beroCloud and requires TLS 1.2

Disable Device Redirect Service

The Device Redirect Service can be disabled for security reasons in the GUI. If the service is disabled, the device won't send a request to the beroCloud and will not get tasks.

  • webGUI → beroCloud → Disable Redirect Service → Activate







If you need scheduled remote assistance, you can request our on-demand support services: https://www.beronet.com/support