In a world where networks extend to the edge, span multiple clouds, and reach into non-terrestrial domains, traditional device onboarding becomes a liability. Manual configuration, vendor-specific scripts, and default credentials are inconsistent, slow, and prone to errors, which increases the risk of outages and breaches while reducing operational efficiency.
Secure Zero Touch Provisioning, or SZTP, as outlined by the IETF, addresses the bootstrapping challenge by allowing devices to enroll securely and automatically receive their configurations. During initial startup, SZTP uses cryptographic verification to authenticate the device, establish a trusted connection, and retrieve policy-driven settings from a central server, eliminating the need for manual configuration or insecure defaults.
Standards for onboarding are necessary but not enough; hardware interoperability is just as crucial. The Open Programmable Infrastructure (OPI) project under the Linux Foundation defines open APIs and reference behaviors for infrastructure accelerators like DPUs and IPUs. OPI avoids vendor fragmentation and fragile automation by offering a consistent control plane that makes provisioning workflows portable and future-proof.
FusionLayer has released an open source SZTP client under the Apache 2.0 license to reduce barriers to adoption. The client implements the IETF SZTP flows, integrates with orchestration systems, and is prepared for real-world automation pipelines. By making the implementation transparent and community-driven, FusionLayer encourages operators, vendors, and researchers to validate, extend, and improve the tooling.
Combined, SZTP and OPI form a vendor-agnostic onboarding stack. A newly powered device can authenticate with cryptographic identity, fetch a policy-aligned configuration through SZTP, and then be controlled or queried using OPI-compatible APIs. This sequence enables consistent provisioning across on-premise data centers, multi-cloud deployments, edge nodes, and intermittent or disconnected environments.
Telecommunications operators can onboard thousands of MEC nodes across dispersed sites without manual intervention, significantly reducing deployment time and operational risk. Enterprises can standardize branch infrastructure provisioning to maintain consistency across multi-cloud environments. Defense and aerospace programs can provision devices with cryptographic guarantees suitable for disconnected or non-terrestrial operations.
Adoption will not be instantaneous. Many legacy devices do not yet support SZTP, integrating new flows into heterogeneous automation stacks requires engineering effort, and industry alignment around interoperable reference implementations is still in progress. Open collaboration is essential, which is why FusionLayer contributed the SZTP client to the community: to create a common foundation that stakeholders can build on, test against, and adapt.
Start with a pilot that combines an SZTP-enabled client with OPI-aware orchestration on a small group of devices or accelerators. Track deployment time, configuration drift, and incident rates compared to manual methods, and use these metrics to plan broader rollouts and prioritize community efforts that enhance tooling and interoperability.
As infrastructure becomes more distributed and diverse, secure, automated, and standardized onboarding is a prerequisite for operational agility. SZTP supplies automation and cryptographic guarantees, while OPI provides an interoperable control plane that keeps workflows portable across vendors. FusionLayer’s open-source SZTP client is a practical step toward realizing that vision, and we invite the community to test, extend, and help standardize the onboarding pipelines of the future.
Explore the FusionLayer SZTP client on GitHub and join the effort to standardize onboarding for next-generation infrastructure.