Abstract: Techniques are disclosed for performing secure remote bootstrapping operations of a network device such that sensitive configuration resides in volatile memory or is inaccessible upon power loss. In one example, a network device performs a first request for onboarding information. In response to determining that a first initialization of the network device has not occurred, the network device performs the first initialization by configuring, with the onboarding information, the network device to mount a portion of a file system to a volatile memory and not a non-volatile memory. After rebooting, the network device performs a second request for the onboarding information. In response to determining that the first initialization of the network device has occurred, the network device performs a bootstrapping operation of the network device. The bootstrapping operation may configure the network device for remote management such that any subsequent configuration obtained remotely is not retained on power loss.

Abstract: Techniques are disclosed for performing secure remote bootstrapping operations of a network device such that sensitive configuration resides in volatile memory or is inaccessible upon power loss. In one example, a network device performs a first request for onboarding information. In response to determining that a first initialization of the network device has not occurred, the network device performs the first initialization by configuring, with the onboarding information, the network device to mount a portion of a file system to a volatile memory and not a non-volatile memory. After rebooting, the network device performs a second request for the onboarding information. In response to determining that the first initialization of the network device has occurred, the network device performs a bootstrapping operation of the network device. The bootstrapping operation may configure the network device for remote management such that any subsequent configuration obtained remotely is not retained on power loss.

Abstract: A device may receive a digital voucher, a customer certificate, and configuration information for automatically configuring the device. The digital voucher may include a first customer identifier that identifies a customer associated with the device and a device identifier that identifies the device. The customer certificate may include a second customer identifier that identifies the customer and a customer public key associated with the customer. The configuration information may include information that identifies a configuration for automatically configuring the device. The device may validate at least one of the digital voucher, the customer certificate, or the configuration information. The device may configure the device, using the configuration, based on validating at least one of the digital voucher, the customer certificate, or the configuration information.

Abstract: A computer-implemented method for managing device configurations at various levels of abstraction may include (1) receiving a request to transform configuration details of at least one computing device into configuration details for an abstraction of the computing device, (2) using at least one compiler to transform the configuration details of the computing device into configuration details of the abstraction, and (3) returning the configuration details of the abstraction. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A network device initiates a transmission control protocol (TCP) connection to establish a TCP session with a management device, and performs, via the TCP session, a secure protocol client/server role reversal for the management device. The network device receives, from the management device, initiation of a secure connection over the TCP session in accordance with a secure protocol, and provides, to the management device, a trusted certificate with an embedded host key that is dynamically generated using a cryptographic processor of the network device, based on the initiation of the secure connection. The network device also establishes the secure connection with the management device based on an authentication of the host key by the management device via the trusted certificate.

Abstract: A device may receive a digital voucher, a customer certificate, and configuration information for automatically configuring the device. The digital voucher may include a first customer identifier that identifies a customer associated with the device and a device identifier that identifies the device. The customer certificate may include a second customer identifier that identifies the customer and a customer public key associated with the customer. The configuration information may include information that identifies a configuration for automatically configuring the device. The device may validate at least one of the digital voucher, the customer certificate, or the configuration information. The device may configure the device, using the configuration, based on validating at least one of the digital voucher, the customer certificate, or the configuration information.

Abstract: A network device initiates a transmission control protocol (TCP) connection to establish a TCP session with a management device, and performs, via the TCP session, a secure protocol client/server role reversal for the management device. The network device receives, from the management device, initiation of a secure connection over the TCP session in accordance with a secure protocol, and provides, to the management device, a trusted certificate with an embedded host key that is dynamically generated using a cryptographic processor of the network device, based on the initiation of the secure connection. The network device also establishes the secure connection with the management device based on an authentication of the host key by the management device via the trusted certificate.

Abstract: A device may receive a digital voucher, a customer certificate, and configuration information for automatically configuring the device. The digital voucher may include a first customer identifier that identifies a customer associated with the device and a device identifier that identifies the device. The customer certificate may include a second customer identifier that identifies the customer and a customer public key associated with the customer. The configuration information may include information that identifies a configuration for automatically configuring the device. The device may validate at least one of the digital voucher, the customer certificate, or the configuration information. The device may configure the device, using the configuration, based on validating at least one of the digital voucher, the customer certificate, or the configuration information.

Abstract: A device may receive a digital voucher, a customer certificate, and configuration information for automatically configuring the device. The digital voucher may include a first customer identifier that identifies a customer associated with the device and a device identifier that identifies the device. The customer certificate may include a second customer identifier that identifies the customer and a customer public key associated with the customer. The configuration information may include information that identifies a configuration for automatically configuring the device. The device may validate at least one of the digital voucher, the customer certificate, or the configuration information. The device may configure the device, using the configuration, based on validating at least one of the digital voucher, the customer certificate, or the configuration information.

Abstract: A network device initiates a transmission control protocol (TCP) connection to establish a TCP session with a management device, and performs, via the TCP session, a secure protocol client/server role reversal for the management device. The network device receives, from the management device, initiation of a secure connection over the TCP session in accordance with a secure protocol, and provides, to the management device, a trusted certificate with an embedded host key that is dynamically generated using a cryptographic processor of the network device, based on the initiation of the secure connection. The network device also establishes the secure connection with the management device based on an authentication of the host key by the management device via the trusted certificate.

Abstract: Techniques are described for initializing a plurality of network devices with similar network configurations, such as a common management device, platform, operating system, and network hostname. In one example, a management device comprises a computer-readable medium encoded with instructions for a configlet generator module and a device manager module and a processor to execute modules stored in the computer-readable medium of the management device. The processor executes the configlet generator module to generate a bulk configlet for a plurality of network devices, wherein the bulk configlet comprises a bulk identifier. The processor also executes the device manager module to receive a network session request from one of the plurality of network devices, wherein the network session request includes the bulk identifier, and to send specific configuration data to the one of the plurality of network devices in response to the network session request.

Abstract: A network device initiates a transmission control protocol (TCP) connection to establish a TCP session with a management device, and performs, via the TCP session, a secure protocol client/server role reversal for the management device. The network device receives, from the management device, initiation of a secure connection over the TCP session in accordance with a secure protocol, and provides, to the management device, a trusted certificate with an embedded host key that is dynamically generated using a cryptographic processor of the network device, based on the initiation of the secure connection. The network device also establishes the secure connection with the management device based on an authentication of the host key by the management device via the trusted certificate.

Abstract: Techniques are described for merging device schemas to manage different versions of network devices in the same device family. In one example, a computing device includes an interface to receive a first schema to be used for managing a first version of a device in a device family and a second, different schema to be used for managing a second version of the device, a computer-readable medium encoded with instructions for a schema merger module, and a processor to execute the schema merger module to merge the first schema and the second schema to produce a resulting merged schema to be used for managing both the first version of the device and the second version of the device, wherein the resulting merged schema expresses differences between the first schema and the second schema and includes a single instance of each common portion between the first schema and the second schema.

Abstract: In one example, a platform device includes a control unit configured to receive a first software package signed by a first software development entity with a first certificate of a first certificate hierarchy associated with the first software development entity, execute the first software package only after determining that a root of the first certificate hierarchy corresponds to a certificate authority of a developer of the platform device, receive a second software package signed by a second software development entity with a second certificate of a second certificate hierarchy associated with the second software development entity, wherein the second certificate hierarchy is different than the first certificate hierarchy, and execute the second software package only after determining that a root of the second certificate hierarchy corresponds to the certificate authority of the developer of the platform device.

Abstract: A network device initiates a transmission control protocol (TCP) connection to establish a TCP session with a management device, and performs, via the TCP session, a secure protocol client/server role reversal for the management device. The network device receives, from the management device, initiation of a secure connection over the TCP session in accordance with a secure protocol, and provides, to the management device, a trusted certificate with an embedded host key that is dynamically generated using a cryptographic processor of the network device, based on the initiation of the secure connection. The network device also establishes the secure connection with the management device based on an authentication of the host key by the management device via the trusted certificate.

Abstract: In general, this disclosure describes techniques of selecting routes for network packets through a computer network based, at least in part, on electrical power procurement arrangements of devices in the computer network. A computing system includes a hardware processor and a database storing power procurement profiles. Each of the power procurement profiles stores data indicating an arrangement between an operator of one or more of routing devices to procure electrical power from a utility company for facilities in which the routing devices are located. The power procurement profiles are mapped to ranges of network addresses associated with the facilities for retrieval of the power procurement profiles for the routers based on the network addresses assigned to the routers.

Abstract: In general, the invention is directed to techniques for establishing secure connections with devices residing behind a security device. In accordance with the techniques, a managed device initiates a transmission control protocol (TCP) session to establish a TCP session with a management device such that the management device acts as the TCP server and the managed device acts as a TCP client. Once established, the managed device sends a role reversal message specifying an identity of the managed device via the TCP session. Upon receiving the role reversal message, the management device initiates a secure connection over the TCP session in accordance with a secure protocol such that the management device acts as the secure protocol client and the managed device acts as the secure protocol server. By properly establishing the secure session, each of the devices assumes the proper roles and administrators may more easily configure the devices.

Abstract: A method performed by a network device may include generating and storing a first public key and a first private key in a first device, transmitting a serial number and the first public key from the first device to a second device, generating, by the second device, a second public key and a second private key, transmitting the second public key from the second device to the first device and transmitting the serial number, the first public key, the second public key and the second private key to a third device, establishing and authenticating a connection between the first device and the third device using the first public key and the second public key and transmitting encrypted configuration information with the two key pairs from the third device to the first device.

Abstract: In general, this disclosure describes techniques of selecting routes for network packets through a computer network based, at least in part, on electrical power procurement arrangements of devices in the computer network. A computing system includes a hardware processor and a database storing power procurement profiles. Each of the power procurement profiles stores data indicating an arrangement between an operator of one or more of routing devices to procure electrical power from a utility company for facilities in which the routing devices are located. The power procurement profiles are mapped to ranges of network addresses associated with the facilities for retrieval of the power procurement profiles for the routers based on the network addresses assigned to the routers.

Abstract: In general, this disclosure describes techniques of selecting routes for network packets through a computer network based, at least in part, on electrical power procurement arrangements of devices in the computer network. As described herein, there may be a plurality of routes through a computer network from a first device to a second device. Each of these routes may include one or more devices that consume electrical power. A route selection device may make a determination regarding how network packets are to be routed among these routes based, at least in part, on arrangements made to procure the electrical power consumed by the devices along the routes. After the route selection device makes this determination, the route selection device may cause network packets to be routed among these routes in accordance with this determination.