Edge Appliance Setup
Deploy and secure the fanless Edge appliance for local RADIUS, captive portal and log collection.
Hardware Specifications
The Edge appliance is built on an Intel N100 quad-core processor with 16 GB DDR5 RAM and a 1 TB NVMe SSD. It features two Gigabit Ethernet ports (WAN and LAN), a USB-C console port and a Kensington lock slot. The fanless aluminium chassis operates silently between 0 °C and 40 °C and draws under 15 W at full load.
Physical Installation
Mount the appliance in a standard 1U rack tray or place it on a shelf near your core switch. Connect port 1 (WAN) to your uplink for console connectivity and port 2 (LAN) to the management VLAN. Attach the 12 V DC power adapter. The device boots in under 40 seconds and begins the ZTP handshake automatically.
Zero Touch Provisioning
On first boot the Edge contacts the SiperOne console using a factory-provisioned device certificate. The console verifies the serial number, assigns the device to a site and pushes the full configuration — RADIUS settings, policies, captive-portal assets and log-forwarding rules. Subsequent configuration changes are pushed over a persistent TLS tunnel with mutual authentication.
Security Architecture
The root filesystem is protected by dm-verity, which validates every block read against a signed hash tree. The data partition is encrypted with LUKS (AES-256-XTS). Firmware updates are delivered via RAUC A/B partitioning: the new image is written to the inactive slot, verified, and activated on reboot — a failed update rolls back automatically. The boot chain is measured and the TPM seals the LUKS key to the expected PCR state.
Offline Continuity
If the WAN link drops, the Edge continues to serve RADIUS authentication, captive-portal pages and local log collection for up to four hours using cached policies and credentials. Sessions authenticated during the offline window are queued and synchronised to the console when connectivity resumes. AnchorLog continues to seal batches locally and submits TSA requests once the link is restored.
Ready to get started?
Deploy AnchorSpot, AnchorNAC or AnchorLog in minutes with a free trial — no credit card required.