Patent attributes
Network devices are securely provisioned through authenticated ZTP servers. In some approaches, a storage device local to the network device includes information for connecting with and authenticating a local or remote ZTP server. This information may include a root of trust to use when connecting with a designated ZTP server. The ZTP server may be identified using either a dynamic host configuration protocol (DHCP) server or a network address specified in the local memory storage. In an approach, the local memory storage is a removable USB flash memory device inserted into the network device when the device is booted up. In another approach, the ZTP authentication information is stored within memory integrated within the network device. Once a ZTP server is connected to the network device, a secure connection may be established such as a secure transport layer session (TLS) utilizing the root of trust.