TR-069, also known as CWMP, enables remote configuration of customer premises equipment (CPE) such as routers, modems, and other network devices through a central auto-configuration server (ACS). The CPE establishes short provisioning sessions with the ACS to exchange configuration information and perform tasks assigned by the ACS. Reasons for initiating sessions include periodic updates, value changes, rebooting, and scheduled requests from the ACS. Authentication and SSL/TLS encryption help secure the communication between CPE and ACS.
1. Crash course in TR-069 (CWMP)
TR-069 (also known as CWMP or CPE WAN Management Protocol) is an Internet protocol based on XML/SOAP. It enables remote and
safe con�guration of network devices.
What is TR-069 designed for?
TR-069 enables remote and safe con�guration of network devices called customer premises equipment (CPE). Con�guration is
managed by a central server called an auto-con�guration server (ACS).
How to connect a device to the ACS?
A proper connection between a device and the ACS requires few parameters to be con�gured on the device:
What does the communication between the device and the ACS look like?
The connection between the device and the ACS is not permanent. The device establishes the connection with the ACS only at
speci�c points in time. It usually lasts several seconds — just enough to exchange all necessary messages between CPE and the ACS.
This short exchange of messages is called a provisioning session.
ACS Auto-Con�guration Server — software that manages devices remotely. There are two AVSystem’s products that work as an
ACS: UMP and Cloud ACS.
CPE Customer Premises Equipment — any equipment used by customers which can be managed by the ACS (set-top boxes, VoIP-
phones but also modems, routers, gateways, and more). CPE is commonly called a device.
ACS URL: an Internet address of the ACS, which is accessible from the device.
Periodic Inform Interval: de�nes a frequency of communication with the ACS.
Username and password: veri�cation data is optional. It depends on the ACS requirements and an expected security level.
Products Solutions Company Learn Careers Contact Sign in
In this course you will learn about:
CRASH COURSE
What is TR-069 Protocol? What is CWMP? TR-069 Software https://www.avsystem.com/crashcourse/tr069/
1 of 4 12/16/22, 6:46 PM
2. The provisioning session is divided into a few phases:
Uni�ed Management Platform
Next-gen multiprotocol device management for telecoms
Discover now
When does the device start a session with the ACS?
The device contacts the ACS in the following situations:
The manufacturer of the device can add custom events that will also make the device connect to the ACS. It is worth noting that the
device can list a few reasons for session initialization at the same time.
Session initialization
The session is always initialized by the device that connects to the ACS.
Authentication
The ACS must verify a username and a password provided by the device to continue the session. By default the password is not
sent publicly because the HTTP Digest method is used. Additional security of the authentication can be achieved by using the
HTTPS protocol with mutual certi�cates veri�cation.
Device identi�cation
Devices are identi�ed on the basis of information sent during initialization of the provisioning session. Namely, a device's serial
number and manufacturer's unique identi�er that together constitute a main identi�er of the device in the ACS. A MAC address is
not used as the identi�er but it is saved by the ACS, making it easier to �nd the device in the ACS GUI later on.
Tasks execution on the device
When the device is identi�ed and its communication part ends, a key phase of the session starts — the ACS orders various tasks
on the device. These might include reading or saving parameters, performing diagnostics, rebooting or ordering �le transfers.
Session closure
When all planned tasks have been ordered, the device closes the session. Any further tasks need initialization of a new session.
The ACS URL is saved or changed on the device or the device is reset to factory settings (the device communicates it as
BOOTSTRAP).
A new periodic visit is to begin according to the value set in Periodic Inform Interval (the device communicates it as PERIODIC).
The device responds to the ACS request for immediate connection (the device communicates it as CONNECTION REQUEST).
A value of a parameter for which active noti�cation is enabled changes (the device communicates it as VALUE CHANGE).
The device is reset or is reconnected to the power supply (the device communicates it as BOOT).
During one of the previous sessions the ACS ordered the device to initiate the contact with ScheduleInform command (the device
communicates it as SCHEDULED).
The device wants to report execution of previously ordered download or upload methods (the device communicates it as
TRANSFER COMPLETE).
The device wants to con�rm a previously ordered diagnostic (the device communicates it as DIAGNOSTIC COMPLETE).
What is TR-069 Protocol? What is CWMP? TR-069 Software https://www.avsystem.com/crashcourse/tr069/
2 of 4 12/16/22, 6:46 PM
3. Cloud ACS
Cloud-based device management via TR-069 and TR-369
Discover now
Why should I be aware of reasons for session initialization?
Knowing why the device is connected to the system is useful for at least two reasons:
Can the ACS initialize a session with the device?
No, it cannot. The session can be started only by the device. However, the ACS can send a request to establish connection, that is
Connection Request, which makes the device contact the ACS if it is properly implemented. Connection Request is used when
changes in the con�guration require to be deployed immediately. Instead of waiting for the device to connect, the ACS can in advance
inform the device about a need of connecting to the server, and introduce changes when it happens.
Is TR-069 secure?
Yes, it is. TR-069 provides several mechanisms that guarantee robust security
Authentication
You can order the device to perform various tasks depending on a particular context, for example, when the device connects for
the �rst time.
You can analyze reasons for last visits and �nd out abnormalities regarding the device’s activities.
Device authentication uses username and password (by default HTTP Digest so the password is not sent publicly).
SSL/TLS certi�cates can be used to mutually verify ACS' and device's identities.
What is TR-069 Protocol? What is CWMP? TR-069 Software https://www.avsystem.com/crashcourse/tr069/
3 of 4 12/16/22, 6:46 PM