How to Automate the Rollout Process in the IGEL UMS
You want to set up the IGEL Universal Management Suite (UMS) in such a way that new devices will be stored directly in the correct directory and the right configurations will automatically be assigned to them. With Zero Touch Deployment in the rollout, devices will be configured automatically according to the profiles, with almost zero management outlay.
Zero Touch Deployment means automatic device registration combined with automatic assignment of profiles through default directory rules.
In the end, the device will automatically be registered in the UMS, placed in the right directory, and assigned the correct profiles. To prepare this automated process, you have to work in the reverse order: first define the profiles, then assign them to the directories, then create default directory rules, and finally automate the registration.
Preparing Automatic Rollout
Configure your device globally, indirectly assigning profiles by a parent directory:
Create a new root directory, e.g. IGEL OS.
For how to create a device directory, see Creating a Directory in the IGEL UMS.
Assign certain profiles to this root directory, e.g. Security.
For how to assign profiles, see How to Allocate IGEL UMS Profiles. See also Prioritization of Profiles in the IGEL UMS.
For detailed information on profiles, see Profiles in the IGEL UMS.
Move your devices or your directories containing devices to this root directory.
These devices will inherit the profiles assigned to the root directory.
Example: Devices that are placed in the directory Augsburg during registration inherit the profile Security, which is assigned to the root directory IGEL OS.
Automating the Rollout
Click UMS Administration > Global Configuration > Default directory rules to create a new default directory rule.
For detailed information on default directory rules, see Default Directory Rules.
If you use the IGEL Onboarding Service (OBS) to onboard devices, you have an Identity Provider (IdP) configured for the authentication. You can also use the user mail domains, user names, or user roles of the configured IdP as default directory rule criteria, so that devices are automatically assigned to device folders according to your IdP configuration.
Choose the directory in which you want to store the devices according to the rule.
Configure your DNS or DHCP server and activate the automatic registration of devices as described under Registering Devices Automatically on the IGEL UMS.
We recommend disabling automatic registration after the rollout, so that no unknown devices can be registered without your control and obtain sensitive settings.
Start your devices. They will be automatically registered on the UMS Server.
Thanks to the default directory rule, these devices will be stored in the right directory and will automatically receive the correct profiles.
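The placement and inheritance described above can be checked on paper before a rollout. The following Python sketch is an added example, not IGEL code or a UMS API: it is a simplified model that assumes rules are checked in order with the first match winning and uses a subnet as the rule criterion; the class and function names, IP ranges, and device names are constructed for illustration.

```python
# Simplified model, not IGEL code: default directory rules plus profile
# inheritance, to dry-run where a newly registered device would land.
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

@dataclass
class Directory:
    name: str
    parent: "Directory | None" = None
    profiles: list = field(default_factory=list)

    def effective_profiles(self):
        # Profiles assigned to a parent directory are inherited by children.
        inherited = self.parent.effective_profiles() if self.parent else []
        return inherited + self.profiles

@dataclass
class Rule:
    subnet: str          # assumed criterion for this sketch: device subnet
    target: Directory

    def matches(self, device):
        return ip_address(device["ip"]) in ip_network(self.subnet)

def place(device, rules):
    # Assumption: rules are checked in order and the first match wins.
    return next((r.target for r in rules if r.matches(device)), None)

def dry_run(devices, rules, sensitive):
    """Return (device, directory, profiles) for every device that would
    receive a sensitive profile on automatic registration."""
    findings = []
    for dev in devices:
        directory = place(dev, rules)
        if directory is None:
            continue  # no rule matched; the model leaves the device unplaced
        exposed = [p for p in directory.effective_profiles() if p in sensitive]
        if exposed:
            findings.append((dev["name"], directory.name, exposed))
    return findings

# Constructed sample data mirroring the page's example directories.
root = Directory("IGEL OS", profiles=["Security"])
augsburg = Directory("Augsburg", parent=root)
RULES = [Rule("10.20.0.0/16", augsburg)]
DEVICES = [{"name": "known-client", "ip": "10.20.1.15"},
           {"name": "unknown-client", "ip": "10.20.9.77"},
           {"name": "lab-client", "ip": "192.168.5.4"}]

if __name__ == "__main__":
    for finding in dry_run(DEVICES, RULES, {"Security"}):
        print(finding)
```

In this model the unknown client in the matching subnet is placed in Augsburg and inherits Security exactly like the known one, which is the exposure the recommendation to disable automatic registration after the rollout addresses.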
Related Topics
If you want to use structure tags for automating the rollout: Using Structure Tags with IGEL OS 11 Devices
If you have problems with the device registration: Troubleshooting: Registration of a Device via Scanning for Devices Fails