Overview
The GZTP Self-Service Portal is designed to enable customers to provision/de-provision infrastructure and/or devices onto the Global ZTP Platform hosted by Versa.
Note: Screenshots in this document are for representational purposes only.
Accessing the portal and Authentication
The GZTP Self-Service Portal can be accessed at https://gztp.versa-networks.com
Once accessed, the user is presented with a login screen as shown below.
The Portal is integrated with Versa's Identity Provider (IDP) and supports Single Sign On (SSO). A user who has registered with any of the Versa platforms (such as the support or docs portals) uses the same username and password to log in to the GZTP Self-Service portal.
Note: If you are not registered on any of these portals, register your work email using the Versa support/docs portal.
Once the user is logged in, the portal presents the Home Screen with the user's email address and the Organization the user belongs to. It also presents the menu options described below.
Provisioning Infrastructure
This menu option is used to provision the GZTP Infrastructure. From a Global ZTP perspective, ‘infrastructure’ relates to either PSK or PKI customer deployments. Presently, the portal supports PSK based infrastructure provisioning.
- Organization: displays the organization name (default) and any other previously provisioned values*
- Region: A free-text field that accepts only letters and numbers. Typically, this value represents the location of the customer's controller. Organization and Region must form a unique combination; the portal highlights any Region value that violates this and does not accept it.
- Select Infrastructure type:
  - PSK Infrastructure: Select this radio button to provision PSK based infrastructure before clicking on Continue.
  - PKI Infrastructure: Select this radio button to provision PKI based infrastructure before clicking on Continue.
Note: Organization and Region have local significance on the Global ZTP Platform in terms of unique identification only.
* From a backward compatibility perspective
- On the next page, the user must enter the parameters based on the selected infrastructure type.
Provisioning PSK Infrastructure
The user enters PSK parameters. These relate to the customers’ controller:
- Controller IP
- Local Authentication ID
- Remote Authentication ID
- Local Authentication Key (If not provided it defaults to 1234)
- Remote Authentication Key (If not provided it defaults to 1234)
- Tenant ID (If not provided it defaults to 1)
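A pre-submission check for the PSK parameters listed above, as an added example that is not part of the portal or of Versa's code. The field names and the `check_psk_infra` helper are hypothetical; the rules it applies (alphanumeric Region, unique Organization/Region pair, key default of 1234, Tenant ID default of 1) are the ones stated on this page.

```python
import ipaddress

DEFAULT_KEY = "1234"     # default the page gives for both authentication keys
DEFAULT_TENANT_ID = "1"  # default the page gives for Tenant ID

def check_psk_infra(params, existing_pairs):
    """Return (errors, warnings) for one PSK infrastructure request.

    params: dict using hypothetical field names (organization, region,
    controller_ip, local_auth_key, remote_auth_key, tenant_id).
    existing_pairs: set of (organization, region) already provisioned.
    """
    errors, warnings = [], []
    org = params.get("organization", "").strip()
    region = params.get("region", "").strip()

    # Region accepts letters and numbers only.
    if not (region.isascii() and region.isalnum()):
        errors.append("region must contain only letters and numbers")
    # Organization and Region must form a unique combination.
    if (org, region) in existing_pairs:
        errors.append("organization/region combination already exists")
    try:
        ipaddress.ip_address(params.get("controller_ip", "").strip())
    except ValueError:
        errors.append("controller_ip is not a valid IP address")

    # A blank key becomes the documented default; typing 1234 is equivalent.
    for field in ("local_auth_key", "remote_auth_key"):
        if params.get(field, "") in ("", DEFAULT_KEY):
            warnings.append(f"{field} would be the documented default")
    if not params.get("tenant_id", ""):
        warnings.append(f"tenant_id will default to {DEFAULT_TENANT_ID}")
    return errors, warnings

# Constructed sample request; all values are made up for illustration.
SAMPLE = {"organization": "ExampleCorp", "region": "us-east",
          "controller_ip": "203.0.113.10", "local_auth_key": "",
          "remote_auth_key": "1234"}

if __name__ == "__main__":
    print(check_psk_infra(SAMPLE, {("ExampleCorp", "emea1")}))
```

Treating a key warning as a blocker keeps a publicly documented key value from reaching the controller configuration.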
Provisioning PKI Infrastructure
The user enters PKI parameters. These relate to the customers’ controller:
- Controller1 IP: IP address of the Primary controller in customer network.
- Controller2 IP: IP address of the Secondary/backup controller in customer network. This is optional.
- CA CERT URL: URL where customer hosted CA server is accessible for the customer’s controller/branch device to fetch the certificate.
- CA CERT IDENTITY: Identity to be used by customer hosted CA server.
- Click on the Submit button. A Summary page will display a success or failure message.
Once the infrastructure is provisioned successfully, users can proceed with Provisioning Device Serial Numbers.
Provisioning Device Serial Number
On clicking this menu option, the portal displays the number of provisioned devices. Up to 200 devices may be provisioned. The remaining ‘balance’ is also displayed:
Note: If the Balance remaining is 0, no further devices can be provisioned, and both the menu options are greyed out.
After closing, the following options are displayed:
- Single Device: user can provision one device at a time
- Multiple Devices: user can provision multiple devices
Single Device Provisioning
- PSK Device Provisioning
The user is required to provide 3 inputs:
- Organization: a drop-down menu that displays the organization name (default) and any other previously provisioned values.
- Region: a drop-down menu that displays the ‘infrastructure’ values defined in an earlier step for the selected Organization.
- Device Serial Number: a unique serial number that the customer wants to provision on the Global ZTP Platform. This is a unique value across customers.
- On clicking Submit, the portal attempts to provision the device serial number for the Organization and Region combination selected above. In case of error, the portal will display Error details on the summary page.
- Please note that, after successful provisioning, the provisioned device count will be incremented by 1.
- PKI Device Provisioning
The user is required to provide 3 inputs:
- Organization: a drop-down menu that displays the organization name (default) and any other previously provisioned values.
- Region: a drop-down menu that displays the ‘infrastructure’ values defined in an earlier step for the selected Organization.
- Device Serial Number: a unique serial number that the customer wants to provision on the Global ZTP Platform. This is a unique value across customers.
- Certificate Common Name: a unique common name, mapped to the serial number, that the customer wants to provision on the Global ZTP Platform. This is a unique value across customers.
- Certificate Shared Key: a unique shared key used to authenticate the certificate for the serial number that the customer wants to provision on the Global ZTP Platform.
- Certificate User ID: a unique User ID, mapped to the serial number, that the customer wants to provision on the Global ZTP Platform. This is a unique value across customers.
- On clicking Submit, the portal attempts to provision the device serial number for the Organization and Region combination selected above. In case of error, the portal will display Error details on the summary page.
- Please note that, after successful provisioning, the provisioned device count will be incremented by 1.
Multiple Devices Provisioning
On this page, the user needs to download the CSV format file by clicking on the button.
Once all the required details are completed in the CSV file, the user clicks on the Choose file menu button and selects the updated CSV file. Once complete, click on the Submit button.
The portal reads the Device Serial Number, Organization and Region, in that order, from each row of the file and attempts to provision each device serial number against the organization and region combination given with it.
On clicking Submit, the portal attempts to provision the devices for the provided Organization and Region combination. In case of error, the portal will display Error details on the summary page.
Note: This feature is currently available only for PSK based device provisioning.
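A local check of the bulk file before upload, as an added example that is not part of the portal. The column order comes from this page; the `check_bulk_csv` helper, the header row in the template and the sample values are assumptions.

```python
import csv
import io

def check_bulk_csv(text, known_pairs, balance, has_header=True):
    """Return (accepted, problems) for a bulk-provisioning CSV.

    Columns are serial, organization, region, in that order (from the page).
    known_pairs: set of (organization, region) with provisioned infrastructure.
    balance: remaining device balance shown by the portal.
    has_header: assumption that the downloaded template has a header row.
    """
    rows = list(csv.reader(io.StringIO(text)))
    first_line = 1
    if has_header and rows:
        rows, first_line = rows[1:], 2
    problems, seen, accepted = [], set(), 0
    for line, row in enumerate(rows, start=first_line):
        if not any(cell.strip() for cell in row):
            continue  # skip blank lines
        if len(row) != 3:
            problems.append((line, "expected exactly 3 columns"))
            continue
        serial, org, region = (cell.strip() for cell in row)
        if not serial:
            problems.append((line, "empty serial number"))
        elif serial in seen:
            problems.append((line, "duplicate serial number in file"))
        elif (org, region) not in known_pairs:
            problems.append((line, "no infrastructure for organization/region"))
        else:
            accepted += 1
        seen.add(serial)
    if accepted > balance:
        problems.append((0, f"{accepted} devices exceed balance of {balance}"))
    return accepted, problems

# Constructed sample file; serials and names are made up for illustration.
SAMPLE_CSV = """serial,organization,region
SN1001,ExampleCorp,emea1
SN1002,ExampleCorp,apac9
SN1001,ExampleCorp,emea1
SN1003,ExampleCorp
"""

if __name__ == "__main__":
    print(check_bulk_csv(SAMPLE_CSV, {("ExampleCorp", "emea1")}, balance=5))
```

Uniqueness of a serial number across customers can only be decided by the platform, so the summary page remains the final word on each row.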
View Infrastructure
This menu option allows the user to view all the infrastructures provisioned on the Global ZTP platform for their organization.
These are split between PSK and PKI Infrastructure types.
PSK Infrastructure
This provides a detailed view of the PSK Infrastructure/s provisioned under the organization. This shows the PSK parameters and other details:
- ORG REGION: Combination of organization and Region used to create the infrastructure
- Controller IP: Controller IP address associated with this infrastructure
- LOCAL AUTHENTICATION ID
- REMOTE AUTHENTICATION ID
- LOCAL AUTHENTICATION KEY
- REMOTE AUTHENTICATION KEY
- TENANT ID
PKI Infrastructure
This provides a detailed view of the PKI Infrastructures provisioned under the customer organization.
- Controller1 IP: Primary-Controller IP address associated with this infrastructure.
- Controller2 IP: Standby-Controller IP address associated with this infrastructure (if provisioned).
- CA CERT URL: URL where customer hosted CA server is accessible for the customer’s controller/branch device to fetch the certificate.
- CA CERT IDENTITY: Identity parameter to be used by controller/branch devices.
Note: Users can view all the infrastructure details configured only under their organization and not from any other organization.
View Devices
This option allows the user to view all devices associated with the user's organization.
There are two further options available:
- PSK Devices: This option provides a summary of Device Serial Numbers associated with PSK infrastructure.
- PKI Devices: This option provides a summary of Device Serial Numbers associated with PKI infrastructure.
Note: Users can only view device details provisioned under their organization.
PSK Devices
PKI Devices
Please refer to the screenshot for each numerical point listed below:
- Displays the number of devices up to a maximum of 20 per page. Also displays the number of devices associated with the user's organization
- Search facility based on device serial number
- Display filter to view devices based on ‘Status’
- Display device details associated with each serial number. Includes provisioning date; expiration date; etc.
- Ability to delete a device from the portal
- Display the current status of the device. Statuses include:
  - Provisioned (P): the device is in a provisioned state on the GZTP platform
  - Redirected (R): the device has contacted the GZTP platform and has been redirected to the customer's controller
  - Expired (E): the device has been deleted from the Global ZTP platform after expiry of the retention period (60 days from date of provisioning)
  - Failed (F): the device was not provisioned on the Global ZTP platform but has been inserted in the portal database
- Re-provision: This option is available to all devices that are either Redirected or Expired**
** - This option remains available only when the maximum device limit has not been breached. If the limit is breached, the RE-PROVISIONING button is greyed out.
Also, hovering the mouse over this button shows how many more devices can be provisioned if the button is not greyed out.
Summary
This menu option gives users a summary view of the number of devices, with their status, against each Infrastructure under their organization.
Export Devices Data
This is a newly added menu option on this portal. It allows the user to download/export device serial number data in CSV format with all details, such as the name of the infrastructure the device is associated with, the creation date, and the user ID of the user who provisioned it. The user can click on this menu option to download the CSV data file.
RESTful APIs Support
The GZTP Self-service portal will also support RESTful APIs. Most of the current set of operations supported by GZTP Self-service UI will also be supported by REST APIs.
The portal also contains a link to the API documentation, placed in the navigation bar.
1 shows the currently deployed version of the GZTP self-service portal on hover, and clicking it takes you to the web version of the user documentation.
2 is the link to the RESTful APIs documentation.
Operations Supported by REST APIs
- Login: This REST call provides the user with an “access_token” after validating the supplied username and password. The token must be used for all further RESTful operations. It is valid for a period of 3599 seconds, after which the user must obtain a new token by calling the login endpoint.
- Create PSK infra: use this endpoint with the required payload to create PSK infrastructure.
- View All PSK infra: the user can view a detailed list of all PSK based infrastructures provisioned under the user's organization.
- Create PKI infra: use this endpoint with the required payload to create PKI infrastructure.
- View All PKI infra: the user can view a detailed list of all PKI based infrastructures provisioned under the user's organization.
- Add Device: this API endpoint is used for adding/deploying a new device workflow under a specific infrastructure for PSK based infra.
- Add PKI Device: this API endpoint is used for adding/deploying a new device workflow under a specific infrastructure for PKI based infra.
- View PSK devices: this endpoint gives the detailed list of devices provisioned under the user's organization and associated with PSK infrastructure.
- View PKI devices: this endpoint gives the detailed list of devices provisioned under the user's organization and associated with PKI infrastructure.
- Delete a device: the user can delete a device under his/her organization by calling this endpoint.
- Check Balance: the user can check the number of devices that can be provisioned under their organization.
Note: Please refer to the REST API documentation embedded in GZTP Self-Service portal for details about each end point.
Operations NOT Supported by REST APIs
- Bulk provisioning of devices
- Export of device list
Restrictions on RESTful APIs usage
- The number of REST API calls is limited to 200 per hour for a given organization.
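Client-side handling of the two limits stated above (the 3599-second token lifetime from the Login operation and the 200 calls per hour restriction), as an added example that is not Versa's code. The `GztpSession` class, the injected `login` and `request` callables, the sliding one-hour window and the choice to count the login call against the budget are all assumptions; no real endpoint names are used.

```python
import time
from collections import deque

TOKEN_LIFETIME_S = 3599  # token validity stated on the page
CALLS_PER_HOUR = 200     # per-organization limit stated on the page

class GztpSession:
    def __init__(self, login, clock=time.monotonic, margin_s=60):
        self._login = login    # hypothetical callable returning an access_token
        self._clock = clock
        self._margin = margin_s  # refresh this many seconds before expiry
        self._token = None
        self._issued = 0.0
        self._calls = deque()  # timestamps of calls made in the last hour

    def _spend(self):
        """Record one call, or refuse it if the hourly budget is used up."""
        now = self._clock()
        while self._calls and now - self._calls[0] >= 3600:
            self._calls.popleft()
        if len(self._calls) >= CALLS_PER_HOUR:
            wait = 3600 - (now - self._calls[0])
            raise RuntimeError(f"hourly budget exhausted; retry in {wait:.0f}s")
        self._calls.append(now)

    def remaining(self):
        """Calls still available in the current one-hour window."""
        now = self._clock()
        return CALLS_PER_HOUR - sum(1 for t in self._calls if now - t < 3600)

    def token(self):
        """Return a valid token, logging in again shortly before expiry."""
        age = self._clock() - self._issued
        if self._token is None or age >= TOKEN_LIFETIME_S - self._margin:
            self._spend()  # assumption: login counts toward the limit
            self._token = self._login()
            self._issued = self._clock()
        return self._token

    def call(self, request):
        """Run request(token) for one API operation within the budget."""
        tok = self.token()
        self._spend()
        return request(tok)
```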
Key Terms to Note
- Maximum Provisioned Devices: customers are permitted a maximum of 200 devices in the Provisioned status. This status means that the devices are ready to be boot-strapped/staged. The portal keeps track of these counters and displays them to users when provisioning a new device.## Device provisioning is not permitted if the count of “Provisioned” devices reaches 200.
- Device Retention Period: The period is equal to sixty (60) days. Any device in a provisioned state for more than 60 days is deleted from the Global ZTP Platform. However, for ease of operations for customers, these devices are retained on the GZTP Self-Service Portal.
- Notification Emails: When provisioned devices approach the device retention period, a reminder email is sent to the user/s with the device serial number(s). Users receive 3 email notifications (30 days, 15 days and 7 days prior to Device Retention Period expiration). Users also receive an email once the device is deleted from the Global ZTP Platform. Please note that while the device and its related configuration are deleted from the GZTP Platform, they remain available on the GZTP Self-service portal and can be re-provisioned with a single click.
## - For ease of operations and backward compatibility, Versa has provisioned all devices already deployed on the GZTP platform even if the count exceeds 200 devices. However, such customers are not allowed to provision new devices until the number of provisioned devices comes below 200.