| CPC H04L 41/0894 (2022.05) [H04L 41/0895 (2022.05); H04L 63/0876 (2013.01)] | 20 Claims |
|
1. A system, comprising:
one or more processors and one or more memories, wherein the one or more memories have stored thereon instructions, which when executed by the one or more processors, cause the one or more processors to implement an onboarding and integration service for a plurality of clients of a provider network, wherein the device onboarding and integration service is configured to, for a given client:
establish a connection with an edge device of a remote network of the client;
receive, from the edge device over the connection established by the provider network with the edge device, at least an identifier for the edge device, wherein the identifier for the edge device has been previously associated with the client;
determine, based on the identifier for the edge device received from the edge device over the connection that was previously established by the provider network with the edge device, a type of the edge device from among a plurality of different types of devices stored by the device onboarding and integration service;
determine by the device onboarding and integration service, based at least on the previously determined type of the edge device that the device onboarding and integration service established the connection with and on a mapping maintained at the device onboarding and integration service at the provider network that includes a plurality of entries that map the plurality of different types of devices to a plurality of different types of device attestations that are available for the device onboarding and integration service to perform to verify the different types of devices, a type of device attestation to be performed for the device, wherein the different types of device attestations perform different sequences in order to authenticate edge devices;
perform the determined type of device attestation to verify the edge device; and
in response to the verification of the edge device:
establish a secure connection with the edge device;
register the edge device as a registered edge device of the client;
send, to the edge device, a device management agent, wherein the device management agent is configured to enable communication between the edge device and the device onboarding and integration service for management of the edge device; and
send, to the edge device, an indication of one or more locations to download one or more software components from, wherein the one or more software components are configured to onboard the edge device with the device onboarding and integration service subsequent to the download of the one or more software components to the edge device.
|