How does SD-WAN enable zero-touch provisioning (ZTP) for new edge devices?

Zero-touch provisioning relies on automated bootstrap and secure certificate-based enrollment through the SD-WAN orchestration plane. When a new edge device boots, it starts with minimal configuration and contacts the vBond orchestrator to authenticate and facilitate rendezvous with the management plane. vBond then enables communication with vManage, which pushes the appropriate provisioning data and policy templates to the edge. The device enrolls in the fabric, obtains certificates, and establishes trusted control and data-plane sessions automatically, becoming fully operational without manual intervention. This is why the option describing minimal boot config, contact with vBond, provisioning from vManage via templates, and automatic certificate enrollment best fits ZTP. The other approaches require manual steps, rely on an external file server, or skip the certificate-based trust essential for secure auto-configuration.