Transcript
HUAWEI eSight Pre-sales Specialist Training
Contents
1 2 3 4 5 6 7
Huawei & EBG Overview Click to add Title Market Summary and Positioning Highlights
Product Comparisons Success Stories
Ordering Guide Resources 1
Sustainable Growth Sales revenue (billion USD)
Who is Huawei? 40
35
39.5
30
32.4
20
Rank 315th on the 2013 Global Fortune 500
Customer-centric culture
World-class management, process, and practice
27.6 21.5
10
5 0 2009
Leading global ICT solutions provider
35.4
25
15
2010
2011
2012
2013(Unaudited)
Huawei Technologies releases an annual report with consolidated financial statements audited by KPMG. — From Huawei annual report audited by KPMG
2
Worldwide Expertise
170+
16
Countries
R&D Centers
28
14
Joint Innovation Centers
Regional HQs
3
45
150,000
Training Centers
Employees Worldwide
Unprecedented Reach through Innovative Technologies
Enable 3.5 billion end users 4
Continuous Investment in Innovation R&D investment
Standards and patents
USD $5.45 billion in 2013
USD $25.4 billion over 10 years (from 2004 to 2013)
70,000 R&D employees
16 R&D centers
Membership in 170+ international standards organizations such as IEEE, IETF, DMTF, Continua, and HL7
180+ positions in international standards organizations
5,000 standards proposals in 2013
44,168 patent applications in China; 14,555 PCT patent applications and 18,791 patent applications outside of China.
36,511 patent applications granted (by December 31, 2013)
Standards
Continuous increase in percentage of R&D investment to total sales revenue 15% 10% 5% 0
9.7%
9.7%
11.6%
13.7%
14% Patents
2009
2010
2011
2012
5
2013
Industry-Recognized Innovation Awards The Economist Corporate Use of Innovation Award
Informa Best LTE Commercial Performance Award, Best Contribution to LTE R&D Award
Interop CE12800 series DC switches won the Best of Show Award in the Data Center and Storage Category
6
Fast Company Top 5 most innovative companies in the world
IEEE Excellence in Standards Development Award
Red Dot & IF HVS high-end storage and IVS won the Red Dot Design Award WLAN AP products won the IF Industrial Design Award
ICT Penetration Globalizes Huawei
Globalization (2009-…)
Internationalization (2003-2008)
Centralization (1998-2002)
Enlightenment (1993-1997)
Worldwide network, regional data centers, global IT support, IT security, VPN, VOIP
Nationwide backbone network, enterpriseclass data center
Nationwide DDN WAN, OA
7
Cloud computing, unified communications, global telepresence, BYOD
Contents
1 2 3 4 5 6 7
Huawei & EBG Overview Click to add Title Market Summary and Positioning Highlights
Product Comparisons Success Stories
Ordering Guide Resources 8
Integrated Campus User and Network Management
eSight Standard Edition
Network Traffic Analyzer
WLAN Manager
SLA
LogCenter STOP
Policy Center
User authentication AP Outgoing traffic monitoring
Access switch
802.1x
Aggregation switch
Terminal-to-terminal SLA monitoring
Egress router WAN
STOP
Portal authentication
AC STOP STOP
AP
Protected resources
Campus Network
• Integration of wired and wireless networks provides an excellent market opportunity for eSight. • Elegantly manages outgoing campus traffic to ensure sufficient bandwidth for key services. • Policy center provides multi-layer control of access terminals, users, and networks.
9
Visual Management of Enterprise Branch Networks
eSight Standard Edition
SLA Manager Network Traffic Analyzer
Video service
MPLS VPN Manager
Headquarters
Branch 1 Egress router
Proxy service
LogCenter Terminal-to-terminal SLA monitoring Outgoing traffic monitoring E2E MPLS VPN management
WAN Access switch
Data center
Voice service
Branch 2
•
• • •
•
Device visible: visibly manages devices in branches such as switches, routers, and printers to display network problems in real time. Traffic visible: provides refined management on branch traffic to display top N application traffic and top N hosts, facilitating fault location and reasonable planning. Quality visible: provides E2E SLA and NQA to evaluate the packet loss rate, delay, and jitter, timely detecting network problems and ensuring user experience in branches. Service visible: provides E2E MPLS VPN management, service views, and SLA for MPLS services to implement one-stop fault diagnosis on services, devices, and ports, reducing enterprises' O&M costs. Security trend visible: provides a distributed log management solution and a one-stop log audit solution to trace network status and replicate security events.
10
Automatic Data Center Management eSight Professional Edition
… Automatically migrates network policy
DC nCenter
Network
SLA Manager VM
VM
VMvare
VM migration
VM
VM
VMvare
Network Traffic Analyzer
Visual: Visually manages physical and virtual resources. Automatic: Automatically migrates data center networks and supports CE and X7 switches. Evaluation of key service quality: Monitors interface traffic in the data center and provides SLA analysis on key services to detect faults in advance and rectify the faults quickly, ensuring high service level for the data center.
11
Contents
1 2 3 4 5 6 7
Huawei & EBG Overview Click to add Title Market Summary and Positioning Highlights
Product Comparisons Success Stories
Ordering Guide Resources 12
eSight Key Message One Management •Unified wired and wireless network management •Unified network and security device management •Multi-vendor device management One Policy •Rule-based policy management and 5W1H-based access control (5W1H indicates user identity, terminal type, resource type, access time, access location, and access mode.) •Rich security policies that enhance terminal security
•Full guest access lifecycle solution Easy to Use
•Visualized management •Easy troubleshooting
•User-friendly Graphical User Interface (GUI)
13
eSight Product Portfolio Cloud Application Management
Network Service Management
Basic Network Management
Data center management: unified management of physical and virtual resources; efficient auto-migration solution
Network quality Network security SLA Manager: evaluates packet • LogCenter: processes and stores logs loss rate, delay, and jitter. and performs NAT source tracing. NTA: analyzes traffic distribution • Secure Center: configures and manages and bandwidth utilization. security policies on devices uniformly and provides security policy analysis.
WLAN network • WLAN Manager: supports unified wired and wireless management, radio management, and wireless positioning.
VPN network • MPLS VPN/Tunnel Manager: provides visual monitoring and deployment and one-click fault diagnosis. • IPSec VPN Manager: provides visual monitoring and one-click fault diagnosis.
Provides the compact, standard, and professional editions to meet requirements of different enterprise scales. Supports unified management on routers, switches, security devices, WLAN devices, and third-party devices.
VM1
Apps VoIP
VM2
VM3
Campus and Branch
WAN 14
Video
Data Center
Basic Network Management
15
Basic Network Management Device Management VLAN Management
Topology Management Performance Management
Basic Network Management
Security Management
Report Management
Fault Management Configuration File Management
Terminal Resource Management
Smart Configuration Tool System Reliability
16
Device Management
Topo Management
Basic Management Functions Devices from mainstream vendors
• Cisco, H3C, Juniper, 3Com, Cadant Inc, ZTE, EMC Extreme Networks Summit, Brocade, Motorola, Marconi, IBM, F5, HP Procuve, Rapid City Communication, Avaya, Maipu, Ruijie, Boda, and
others
17
Third-party device management
Basic management functions • Basic device information: manufacturer, device type, version, interface, performance, and device panel • Link discovery: LLDP, CDP (for Cisco devices), Layer 2 link calculation based on MAC forwarding table, and end-to-end IP link discovery • Alarms: interface up/down, device online/offline, link up, link down, cold start, warm start, and authentication failure in trap v1/v2 format, and standard MIB alarm • IP address management: querying and detecting IP address changes • Configuration file management: backup, restoration, and comparing • Batch device configuration
Device Management
Topo Management
Multiple Resource Discovery Methods Add individual device - specific IP address
Support SNMP and ICMP.
Add devices in batches - IP address segments
Support immediate discovery and scheduled discovery. Scheduled discovery can be set by hour, day, week, or month.
Add multiple network segments.
Add devices in batches – import files
18
Device Management
Topo Management
One-Stop Device Management Solves Problems Device panel shows device and interface status Load and compile MIB files and query MIB objects.
Performance threshold sets off alarm, exposes the problem
Interface traffic information
19
Stack Management Stack device display in the topology view
Master MPU Standby MPU
CE6800/5800
Intelligent stack (iStack) N:1 virtualization
• Support CE switch and S switch. 20
Cluster Management Cluster device in the topology view
Cluster device display on the panel
Standby MPU
Standby frame
CE12800 Cluster Switch System (CSS)
Master frame
N:1 virtualization
• Support CE switch and S switch. 21
Click the standby frame to display the panel of the standby frame. Click the active frame to display the panel of the master frame.
CE12800 VS Management The Admin-VS (marked in A) is displayed in the topology view, and other common VSs (marked in C) can be displayed only when they are added.
Virtual System (VS)
vSwitch
Admin-VS
shange
shang
vSwitch
vSwitch
vSwitch
VS List: displays information about all vSwitches. Port List: displays interface allocation of all VMs.
CE12800 1:N virtualization
22
GUI-based Configuration and Management for CE Series Switch eSight
Device running VRP8 PnP
R
PnP package contains the panel description file and NETCONF schema within 1 MB. NETCONF schema is the data model file and defines all managed objects and the relationship between managed objects.
Obtain files in the PnP package from the device through FTP and save it to the local directory.
Generate graphical configuration interface according to PnP package.
Configure and manage devices through NetConf.
Rapidly generate configuration page and provide graphical configuration capability.
23
Topo Management
Security Management
Topology-Centric Management Meets Daily Monitoring Demands All information you want can be displayed on the topology. • • • •
Zoom in device icons focused on. Highlight links focused on. Displays bandwidth usage. Mark links consuming different bandwidth with different colors. • Display access terminal information. • Display device and link traffic.
eSight Automatic scanning
Topology setup
Topology display
Right-clicking items on the topology to display various information, which simplifies management. 24
Security Management
Fault Management
Security Management: Role-based Permissions Enterprise Structure
Administrative Division by Physical Area
Enterprise headquarters
Enterprise headquarters — Professional
Branch 1
Standard edition
Branch 2
25
Rights and Domain Divisions - Division by Logical Relationship
User group: Different permissions assigned to different user groups
Device group: Different administrators manage different devices
Time segment: Administrators configure operation time segments and validity periods
Standard edition
Fault Management
Performance Management
24/7 Alarm Monitoring Improves Network Reliability Go Quickly to Topology or Device Panel
Remote Alarm Notification SMS
Sound
Email
eSight Reduce Alarm Count; Focus on Core Fault
Alarm Library: Research Problem Resolution
Detail
Mask alarm
Unite duplicate alarms
Alarm surge suppression
26
Performance Management
Report Management
Multidimensional Performance Indicator Collection to Find Potential Security Risks • •
Graphical display of indicators Comparison of performance indicators of different objects
Performance indicators
Device
eSight
2. Check whether performance indicators exceed thresholds. Determine whether to send alarms according to the alarm count. Send alarms of different severities according to the threshold range.
1. Periodically collect device performance indicators. 3. Notify the network administrator through SMS messages or emails.
27
Report Management
Configuration File Management
Easy-to-Use Network Reports Customized Report Types
Comprehensive report forms
Customized Report Data
Customize data fields Preview report design Is this correct?
Customized Report Generation
Daily, weekly, and other periodic reports Real-time statistics
43 pre-defined, easy-to-understand types of network reports Interface traffic, link status, interface usage reports
28
Customized Report Distribution
Automatic distribution Email, FTP distribution
Configuration File Management
Smart Configuration Tool
Back Up and Restore Device Configuration Files
File Comparison
• Backup: immediate backup, periodical backup, backup triggered by configuration change alarms • Comparison: different colors indicate added, deleted, and modified rows • Restore: use the source file to restore device configurations 29
Smart Configuration Tool
Endpoint Management
Highly Efficient Batch Configuration
Form method
CLI view Planning table
Use a template: same configuration for batches of multiple devices Use a planning table: batch delivery of devices with differentiated configurations
30
Endpoint Management
VLAN Management
Unified Terminal Access Management 192.168.1.10
eSight
Uses the same IP address to detect IP address theft. Same IP
192.168.1.10
Multiple MAC addresses detect unauthorized hubs and switches.
Uses the same MAC address to detect MAC address theft.
Sends warning emails when unauthorized access is detected. Quickly finds access terminals on the heterogeneous network; traces terminal location changes; and queries terminals' online and offline records. O&M detects security risks, including unauthorized access, IP or MAC address theft, and unauthorized device connection. Quickly finds terminals to assist fault locating.
31
VLAN Management
HA System
Unified VLAN Resource Management VLAN Deployment in Batches • Deploy global VLANs.
Visibly Display VLAN Resources • Add devices to VLANs or remove devices from VLANs. • Check device and port resources of a specified VLAN. • Adjust VLAN-based configurations. For example, select devices or links or add or delete VLANs.
• Deploy port VLANs.
32
Association with the Panel
Voice VLAN Deployment
• Check port VLAN information on the panel.
• Set voice VLAN attributes, including working modes, security modes, Lagacy, and priorities.
• Modify or restore port VLAN configuration on the panel.
HA System
Secure Client-Server Network Mechanism
Web security
Operator
Server Security
Communication encryption
SSLv3 encryption Password transmitted by HTTPS
ACL
Device Communication Security
Database encryption Active eSight node
1:1 two-node hot-standby cluster
Hacker
Port matrix Standby eSight node
Virus
Trend antivirus software
33
SSHv2/SSLv3/SNMPv3
Administrator Access Security
Managed network
Managed network
Managed network
Network Service Management
34
Network Service Management IPSec VPN Manager
NTA(Network Traffic Analyzer)
MPLS VPN/Tunnel Manager
Network Service Management SLA Manager
WLAN Manager
LogCenter Manager
35
Secure Center
Network Bandwidth is a 'Black Box' Is network traffic normal?
What occupies a lot of bandwidth? Can network bandwidth support current services? Email
Headquarters Proxy
Expensive leased network
Voice
Video
Many enterprises need WANs for their applications. 36
Enterprise Network Traffic Management Objectives
What is the fault source of the interface utilization alarm? Which application?
Which branch link? Which device interface? Which user? Which application? How much bandwidth?
Who is using the unauthorized application?
Fault Detection
Visualized Traffic
How to ensure key services with existing network bandwidth? How about the bandwidth trend of applications in branches? Stay ahead by transforming network expansion from passive to active.
Future Planning
More detailed network traffic data and fine-grained management
37
Drill Down to Simplify O&M Analyze Problem
Find Traffic Exception
• Dashboard shows multi-dimensional traffic (interface, application, host, and conversation). • Quickly find traffic exceptions on the dashboard, for example, AR interface GE0/0/0 traffic exception. • Drill down. Click specific interface (GE0/0/0) to discover traffic composition.
38
• Discover traffic composition of GE 0/0/0 interface from multiple dimensions (for example, application, host, conversation, and DSCP) within a certain period. • Example: a lot of traffic to destination host 10.137.59.255 • Drill down. Click the host to "see" the conversation.
Locate Problem
• Understand traffic conversation (source host, destination host, application, traffic, data packet, and traffic percentage). • The NetBIOS-ns application (from 10.137.59.247 to 10.137.59.255) occupies a large percentage of traffic.
Fault Location: Application Access Error Users Cannot Send or Receive Emails Search for the application server by IP address on the host traffic analysis page.
Check the traffic on the application server: if there is no traffic, the applications on the server are running improperly.
If traffic is concentrated on several sessions, the corresponding hosts are using the resources of the application server.
Configuration: Enable NetStream or NetFlow at the incoming direction of uplink and downlink interfaces on access/aggregation switches to send traffic to the eSight network traffic system. Virus features: Specified protocols and port ranges of source/destination hosts; fixed traffic size and packet number. Attack features: The attack host consumes the maximum number of the server's SMTP connections: TCP connection, different ports, fixed packet size and rate.
39
Check session details: if the bandwidth and number of each packet are the same, attacks may exist.
Network Optimization: Recognizing Traffic from Junk Applications
Customize applications (protocol, port, and IP address range) or create an application group to store all junk applications.
Check application traffic on the device or interface traffic analysis page to determine whether any junk application is using bandwidth. Analyze restriction policies.
Check the rankings of junk application hosts and discover the users through the eSight server.
Configuration: Enable NetStream at the incoming and outgoing directions of uplink interfaces on egress switches in the monitoring LAN, or enable the incoming direction of uplink and downlink interfaces to send traffic to the NTC.
40
Network Optimization: Distribute Applications on the LAN Egress Service Queue Customize applications (protocol, port, and IP address range) based on service needs.
Create a periodic task report about interface traffic on the egress router: The summary types in a report consist of application and DSCP.
Export periodic reports, check the distribution of application and DSCP traffic at the WAN egress, and check the fees with network operators.
Configuration: enable NetStream at the incoming and outgoing directions of uplink interfaces on egress switches, or enable the incoming direction of uplink and downlink interfaces, to send traffic to the NTC.
41
Network Service Management IPSec VPN Manager
NTA
MPLS VPN/Tunnel Manager
Network Service Management
SLA Manager
WLAN Manager
LogCenter Manager
42
Secure Center
Smart SLA, Ensure High Network Quality Telepresence
Telepresence
Audio service
WAN
LAN
Audio service
LAN
Initiate network quality diagnosis Quick diagnosis defines the fault boundary
Segment I
Segment II
Active O&M monitors and scores network quality, and finds problems quickly Based on best practices, embedded NQA indicators, and predefined SLA service types
ICMP Jitter UDP Jitter
Video service
UDP Echo
Encapsulated NQA indicators and visual network quality displays reduce the skills required of O&M engineers. 43
Active Management Generates Alarms in Advance (Audio Service) Branch
Headquarters WAN Voice gateway
Voice gateway
Send simulated audio traffic.
eSight
Visually display test results. Create periodic SLA tasks; inform NQA-enabled device of the type of simulated audio traffic.
Numerical display of service quality
Graphical display of each test indicator
44
Generate alarms and indicators for services where traffic has exceeded upper thresholds; promptly send alarms by email or SMS.
Quick Diagnosis and Fault Location Audio service
Audio service WAN
LAN
Device A
Device B
LAN
Device C
Segment I
Initiate quick diagnosis eSight
Segment II Segment III
Select source and destination devices and initiate quick diagnosis based on UDP jitter statistics. Packet loss
Diagnosis indicates WAN packet loss. Audio service is key for an enterprise, but WAN bandwidth is limited. Deploy QoS policies to ensure high-quality audio.
45
Policy Implementation and Result Verification (1/2) Audio service
Audio service WAN
LAN
Egress router A
LAN
Egress router B
Audio EF (delay-sensitive services); 20% of total bandwidth
eSight
Video AF (key data services that require assured bandwidth); 60% of total bandwidth
ISP network
QoS queues
Data BE (best-effort services that require no strict QoS assurance)
eSight Smart Configuration Tool configures egress routers A and B to ensure QoS for key services.
Create SLA tasks for audio EF, video AF, and data BE according to UDP jitter statistics. Monitor each queue. Test instances support ToS values and can simulate packets from different QoS queues. Audio (EF): 184 Video (AF): 104 Data (BE): 0
46
Compare traffic of different QoS queues to quickly locate network faults.
Policy Implementation and Result Verification (2/2) Audio service
Audio service WAN
LAN
Egress router A Send video AF traffic to congested queue. Verify whether QoS takes effect.
LAN
Egress router B Audio EF (delay-sensitive service)
Video AF (key data services that require assured bandwidth) ISP network Data BE (best-effort services that require no strict QoS assurance)
Video AF
Video AF Audio EF
Data BE
Data BE
Audio EF • When the video AF queue is congested, RTD is affected. • RTD for audio EF queue is not affected.
47
SLA Historical Data: Fault Location and Error Tracing A network fault occurred here.
Fault location: Locate the fault based on the comparison of SLA data from different queues.
Error tracing: Detect the fault's starting and ending time based on historical data.
Packets in AF queues were discarded and packets in other queues were normal. Discards may be caused by AF queue congestion, but not by a network fault.
48
Network Service Management IPSec VPN Manager
NTA
MPLS VPN/Tunnel Manager
Network Service Management SLA Manager
WLAN Manager
LogCenter Manager
49
Secure Center
Massive Logs Help Quickly Locate Network Vulnerabilities Hacker
Switch Router
Trojan horse Virus
What are the attacks affecting the system currently?
Logs are in different formats and of poor readability.
Firewall
Host
Database and other applications
Enterprise Network Which device is frequently attacked and what are the attacks?
Massive logs System logs; logs in binary, SFTP, and WMI formats; and FTP static and dynamic files
Log analysis
What viruses can the system defend against?
Comprehensive security service analysis: DDoS attack event analysis, plug-in block analysis, access control event analysis, policy matching analysis, IPS analysis, URL filter analysis, and email filter analysis 50
NAT Log Tracing and Identity Tracing
Few public IP addresses
Transition
NAT device
Source IP after NAT + port after NAT
NAT logs
Many private IP addresses
Enterprise Intranet
Source IP + source port
User authentication system Traces and determines user identity based on the mapping between IP address and port before and after NAT in NAT logs and login and logout logs.
51
Profound User Online Behavior Analysis
Works with the USG and ASG products to analyze user online behaviors.
52
User traffic Online time Keywords Outgoing files Applications Web access Email Network threat
Network Service Management IPSec VPN Manager
NTA
MPLS VPN/Tunnel Manager
Network Service Management
SLA Manager
WLAN Manager
LogCenter Manager
53
Secure Center
Unified Deployment and Management of Security Policies Configuring a Single Device Through Commands
Understand commands.
Create an address set.
Add an IP address.
Create a time period. Create a service set. Create a rule.
Reference the address set, time period, and service set.
54
Delivering Commands in Batches on the GUI
Current Status of Security Policies
Only adds but not delete policies.
Take Huawei's IT center as an example.
The total number of security policies on the egress firewall reaches to 30,000.
The number of security policies increases at a rate of 800 per month.
It is difficult to determine whether 90% of the security policies can be modified or deleted.
55
Refinement and Adjustment of Security Policies Policy redundancy analysis
Policy matching analysis
Overlapping Can be optimized
Included Can be deleted Policy 3
Policy 1
Policy 2
Policy 4
56
Policy 3 has a low matching rate; therefore, it can be placed after policy 4 or deleted. policy 3 ** (Matched 0 times) policy 4 ** (Matched 1,000 times)
Policy Risk Analysis Discloses Potential Risks policy 5 ** destination ip any action permit (The destination addresses defined in this policy are of a large range.) policy 6 ** dest port 80 action permit (There is a high risk that packets sent and received by port 80 are not encrypted.) Risky policies on each device
Top N risky policies
57
Comprehensive Policy Analysis Shows O&M Efficiency of Security Policies Redundancy analysis
+ Risk analysis
Comprehensive policy analysis Assessment results by scores
+ Matching analysis
58
Top N device health status
Network Service Management IPSec VPN Manager
NTA
MPLS VPN/Tunnel Manager
Network Service Management
SLA Manager
WLAN Manager
LogCenter Manager
59
Secure Center
Unified Management for Wired and Wireless Networks Helps Users Integration of wired and wireless networks
Use the Wizard to deploy batches
Integrated topology for wired and wireless devices
Configure basic AC attributes Configure APs offline using the Wizard
Uniform management of wired and wireless resources Management of wired and wireless devices (APs) by rights or domain
60
Wireless network management
Visual: radios, terminals, and interference sources Intelligent: network quality problems can be recognized in advance
One-click: fault diagnosis from terminals to the network side
eSight Wizard Deploys Devices in Batches; Simplifies Steps Needed to Enable Services 1 WAN Switch
AC PoE switch
Automatically add AC and switches to the NMS. Smart Configuration Tool configures ACs and switches, and enables service and management channels.
2
Automated configuration of basic AC attributes.
3
APs imported in batches through the plan file.
Wizard configures APs offline. After APs are powered on, configuration and services are automatically enabled.
AP
AP
AP
Deployment time for 100 APs is reduced from 2 hours to 10 minutes 91% deployment improvement 61
Wired and Wireless Network Integration
Wired and Wireless Network Integration Eliminates Need for 'Black Box' of Connections Unified topology of wired and wireless networks clearly displays device status
Unified performance and reports for wired and wireless networks
Unified topology: continuous management of AP and wired devices, real-time status displays, wired and wireless network troubleshooting
Management of wired and wireless devices by rights and domain: wired and wireless devices can be managed by region and APs can be managed by region as independent NEs, which meets the AP hierarchy management requirement Unified resource management: optimizes network efficiency
Unified performance monitoring: visually display northbound AP interfaces and the traffic of wired and wireless interfaces Unified report: the report contains all the information required for the entire network so it does not need to be collected manually 62
Wired and Wireless Network Integration
Management by Rights and Domain
2. Domain 1. Create device group
4. Role
3. Rights
•
Use rights to manage APs
63
Improve network management security
Wireless Network Management
Two Methods Quickly Help Solve Wireless Faults Active maintenance: recognize network faults in advance and correct faults before customers report them
One-click diagnosis: diagnose faults on the terminal and AC sides and rectify faults reported by customers
Terminal fault rectification
Dashboard
The terminal self-check tool detects user-side faults and corrects them. The top wireless network fault is rectified quickly (32% of the total).
User information and region packet loss on the entire network are displayed clearly. In this case, administrators can quickly find network quality problems and solve them before customers report them. Network fault locating
Location topology
The topology provides wireless signal strength coverage, interference source distribution, and terminal access information. This information helps IT personnel identify holes in signal coverage and network interference information, and quickly solve the top 3 wireless network faults (22% of the total).
Locate faults in the following sequence: terminal side -> SSID -> AP -> AC to locate the top 2 faults (25% of the total).
eSight's wireless fault locating function helps quickly solve 79% of wireless faults.
64
Wireless Network Management
Dashboard Displays Operating Status of the Entire Network Information bulletin: Information collected from physical devices, users, WIDS, and topology is displayed clearly. Visual and easy to understand: Histogram and pie charts represent quality of network operations and help with network fault identification. Supports Tooltip details.
Deep analysis: Drill down and analyze fault causes. Portlet pages meet JSR168 specifications and are easy to use.
65
Wireless Network Management
Location Topology Shows Network Coverage Signal coverage and strength changes are displayed by floor. Signal coverage holes can be located and the network coverage status of enterprise buildings is displayed clearly. Set obstacles and enhance environment emulation. Display conflicting regions of signal coverage and help IT personnel optimize tunnels and power.
Display the wireless signal coverage of a floor by signal strength, rate, and tunnel distribution. Detect illegal APs and help IT personnel locate faults.
Wireless network coverage status is displayed clearly, which helps solve 22% of problems caused by interference.
66
Wireless Network Management
Terminal Tool Quickly Detects User-side Faults The wireless network can be accessed normally in the morning
User
After the user disconnects from it at noon, the user cannot regain access to the wireless network Ask users for fault details Call and instruct the user to perform operations to rectify the fault
Customer service personnel
If the fault cannot be fixed, appoint technical support engineers to go to the site Check signal coverage Check that the device is running
Technical support engineer
Check the terminal to see whether powersaving mode is enabled on the network adapter
According to statistics, 32% of network faults occur on terminals. Technical support personnel need to locate faults according to the checklist. After locating faults, they need to go to the site to rectify them. Using this method, efficiency is low and staff cost is high.
67
The terminal side tool rectifies network faults caused by the operating system version, wireless network adapter setting, or system service setting and helps users correct faults quickly to save the costs of locating faults on-site.
Wireless Network Management
Locate Faults Quickly and Provide Solutions User reports a fault
If an AP has too many users, access may fail for currently non-connected users.
A user cannot access the network and the terminal tool detects no faults. Therefore, the user reports the fault.
Wireless network faults account for 25% of daily faults and are often difficult to diagnose. Analyze the specifications of terminals, SSID, AP, and AC to help administrators locate faults.
68
Wireless Network Management
eSight WIDS Recognizes Interference Sources Rules for defining wireless interference sources: illegal, potentially illegal, interference, neighbor, possible neighbor, and others Interference alarm: users can determine whether to trigger alarms based on the interference impact on networks Interference source list and details
Find APs that are not managed based on SSID, frequency range, or signal strength.
Alarm on illegal APs
Locating illegal APs and interference sources
Use emails or alert signals to notify administrators
Quickly identify potential security risks to the network, illegal APs, or illegal users to ensure network health. 69
Wireless Network Management
Proactive O&M: Spectrum Analysis (1) • Proactive O&M
• Before WLAN deployment or during operation and maintenance, users can check the interference strength of channels in specific environments on spectrum charts, and avoid using channels with strong interference, which ensures access quality. • Users can check the distribution of interference sources on periodic spectrum charts and determine the types of interference sources based on the frequency distribution.
High-interference area Real-time FFT chart: Displays the latest interference strength information at different frequencies. Depth chart: Displays the interference strength information at different frequencies within a specific time segment. 70
Wireless Network Management
eSight WIDS Intelligently Identifies Interference Sources and Provides Countermeasure Function eSight
AC
PoE SW
AP
AP
Rogue AP
Ad Hoc
Client
Rogue client
71
Wireless Network Management
Proactive O&M: Quick Location of Interference Sources and Unauthorized Devices Proactive O&M
• Physically locate interference sources and unauthorized devices connected to wireless networks. • Analyze surrounding environments to find out the factors that lead to low network access speed based on the AP distribution, coverage, signal strength, and access information. • Enable administrators to monitor the validity of locations for user access.
Location/Display system (eSight)
Location information collector (AP)
Wi-Fi device Unauthorized device
Non-Wi-Fi device
eSight wireless location capabilities: • Locating unauthorized devices (unauthorized AP, users, Ad Hoc, and bridges) and interference sources (cordless phones, cordless phone bases, ZigBee devices, microwave ovens, Bluetooth devices, game controllers, 2.4/5 GHz wireless video players, and baby monitoring devices) • Viewing historical tracks about devices 72
Network Service Management IPSec VPN Manager
NTA
MPLS VPN/Tunnel Manager
Network Service Management
SLA Manager
WLAN Manager
LogCenter Manager
73
Secure Center
Huawei eSight VPN Management VPN A
VPN A PE2
PE1 MPLS Tunnel CE1
CE2
VPN Service Management
1 2 3 4
MPLS Tunnel Management
Service deployment: eSight quickly deploys VPN services through operations on the GUI. Automatic discovery: eSight automatically discovers and synchronizes VPN services that have been deployed on the network. Users do not need to specify device roles. Service monitoring: VPN traffic and link quality are visually monitored. Fault diagnosis: One-click fault diagnosis quickly locates service faults.
1 2
Tunnel deployment: the Smart Configuration Tool implements E2E deployment for MPLS tunnels.
3
Tunnel monitoring: tunnel status is monitored through various methods such as the tunnel list, topology, and alarm.
Automatic discovery: eSight automatically discovers and synchronizes MPLS TE and MPLS LDP tunnels that have been deployed on the network.
Linkage Between VPN and MPLS Tunnels
1 Viewing the VPN tunnel: checks whether a VPN service fault is caused by a tunnel fault. 2 Viewing a tunnel's VPN services: quickly locates affected services when a tunnel is faulty. 74
Batch Deployment of VPN Services on the GUI
1 1. Select the network type and service template and enter basic VPN parameters based on the network planning. 2. Enter detailed VPN parameters, including interface and route information. 3. Preview commands to be delivered to devices to check whether the parameters are correctly configured.
75
2 3
Visualized Monitoring of VPN Services aodian-PE1-222 aodian-PE2-235
Internet aodian-CE2-229
aodian-CE1-226 aodian-PE3-218
1
aodian-PE4-190
Automatically discovers services on the network and identifies PE-PE and PE-CE links after a user clicks the auto discovery button.
2
Automatically synchronizes discovered services on the network to the service list in eSight.
Alarm Information VPN Status
3
76
Automatically calculates and displays service links in the topology.
Link Monitoring Discloses Link Degradation VPN A
PE1
VPN A
PE2 WAN
CE1
PE-CE ICMP Ping
CE2 PE-PE ICMP Ping PE- Remote CE ICMP Ping CE-CE ICMP Ping
Monitors service quality by link segment and quickly locates links of poor network quality.
1
Automatically creates SLA tasks based on link segments to actively monitor link quality.
2
Monitors and displays links with low SLA compliance. Top N counter shows the Top N links with the lowest VPN quality
Graphs show quality changes.
With the link monitoring function, users can assess service link quality and quickly identify link bottlenecks.
77
Link quality alarms are displayed in the service topology to provide prewarnings
Quickly Locate Service Faults with One Click VPN A
VPN A
PE3
PE1 WAN
CE1
Collects information about VRF Ping, VRF Traceroute, private routes, and VRF FIB.
CE2 Supports ICMP Ping, VRF Ping, LSP Ping, ICMP Traceroute, VRF Traceroute, and LSP Traceroute. Collects information about public routes, private routes, BGP VPN V4 peers, VPN V4 routes, VRF FIB, and LSPs.
PE2
Collects information about VRF Ping, VRF Traceroute, private routes, and VRF FIB. ICMP Ping, ICMP Traceroute
Diagnose and locate faults by network layer and link segment.
1 Select PE-PE, PE-CE, and CE-CE links and start to diagnose the fault.
the PE-CE private route information. The private route information does not 2 Query exist, which indicates that the PE-CE interface or link is faulty.
After the fault diagnosis, the connectivity of the public network is correct and the connectivity of the private network is faulty.
3
Check the alarm information. The interface for PE3 to connect to CE2 is faulty.
78
4 Verify that service is restored after the interface fault is rectified.
Discover Tunnels Automatically, Quickly, and Accurately Voice VPN
CE1
Voice VPN
PE1
PE2
MPLS TE Tunnel
MPLS Tunnel
CE2
MPLS LDP Tunnel Video_vpn
CE2
CE1 Video VPN
Video_vpn
Video VPN
1 eSight automatically discovers devices selected by users.
79
2
Users can view the list of tunnels that have been synchronized by eSight.
3
Users can view the LSPs of a tunnel, which have been synchronized to eSight, through tunnel topology.
Topology View Monitors and Prevents Tunnel Faults VPN A
VPN A PE1
Active LSP
PE2
MPLS Tunnel Standby LSP
CE1
1 Displays active and standby LSPs in the tunnel topology.
3
Displays the VPN services of each tunnel. When a tunnel is faulty, users can quickly find services that may be affected by the fault and take proper measures to prevent these services from being affected.
80
2
CE2
Actively monitors tunnel status and prevents services from being affected by tunnel faults.
VPN Services Are Linked with Tunnels Voice VPN
Voice VPN PE1
MPLS TE Tunnel MPLS Tunnel MPLS LDP Tunnel
CE1
When a
PE2 CE2
When a tunnel
service fault
fault occurs, users
occurs, users can
can click the View
click Tunnel List,
VPN button and find
find the tunnel with
the affected VPN
the current VPN
services, which helps
service, and
prevent services from
determine whether
being affected by the
the service fault is
tunnel fault.
caused by the tunnel fault.
81
Network Service Management IPSec VPN Manager
NTA
MPLS VPN/Tunnel Manager
Network Service Management
SLA Manager
WLAN Manager
LogCenter Manager
82
Secure Center
IPSec VPN Management Solution Visualized Service Monitoring
•
•
Automatic discovery: discovers services deployed on the network and adds the services to eSight. Visualization: monitors key information such as VPN performance, service alarms, and link quality.
83
One-click Fault Diagnosis
Uses one-click fault diagnosis to analyze causes of service abnormality.
Automatic Discovery and Graphical Display of Services Branch
Headquarters IPSec VPN
Automatic discovery
Service list
eSight uses policies bound to device interfaces to automatically discover services.
Service topology
84
Graphical Display of Key Service Indicators Monitored Indicators
85
Purpose
Sending/Receiving rate of all IPSec tunnels
Generate a prewarning indicating that capacity expansion is required.
Sending/Receiving rate of an IPSec tunnel
Analyze when big data will occur.
Packet loss rate for all packets sent or received through IPSec tunnels
Analyze the quality of all IPSec services on the device.
Packet loss ratio for packets sent or received through an IPSec tunnel
Analyze the quality of a single IPSec service.
Interface incoming/outgoing rate
Generate a prewarning indicating that capacity expansion is required.
One-click Fault Diagnosis Improves Troubleshooting Efficiency – Network Branch
Internet
Headquarters
IPSec tunnel
Interface status at two ends Whether IPSec policies are applied to interfaces Whether a device initiates IPSec negotiation IPSec policy integrity IKE negotiation result IPSec negotiation result
86
Cloud Application Management
87
Data Center nCenter Manager Unified Physical and Virtual Resource Management
Dynamically Adjust Physical Network Profiles Based on VM Changes
Fault Location
Notify users of the VM change.
View change details in the log and suggest fault corrections in case of change failure.
Network profiles migration
Server
Server
Hypervisor
Monitor data center network resources, including physical servers, VMs, vSwitch, and TOR switches. Visualized management, physical and virtual network connection discovery, and automatic update
VM 1
88
VM 2
Hypervisor
VM migration
VM 3
VM 2
Dynamically adjust physical network profiles, including ACL, QoS, and DHCP snooping based on VM changes.
Be easy to find faulty equipment because indicators blink when faults occur.
Faulty equipment lighting
Unified Physical and Virtual Resource Management Unified Management of Physical and Virtual Resources Unified Topology and Visual Connections of Physical and Virtual Resources Link between the TOR switch and vSwitch
Link between VMs and vSwitch
NE Management
DC nCenter shows the connections between networks and servers to help network administrators and system administrators locate faults.
89
Link Management
Performance Management
Alarm Management
Report Management
Virtual Awareness of Changes and Dynamic Migration of Network Policies: Topology Before Migration
VM that is about to migrate: Purple Access switch located in current: TOR_136 Physical server connected to: 10.137.59.40
90
Virtual Awareness of Changes and Dynamic Migration of Network Policies: vCenter Initiated Migration
Migrate the VM Purple from 10.137.59.40 to 10.137.59.52 Status: start
91
Virtual Awareness of Changes and Dynamic Migration of Network Policies: Topology After Migration
The VM Purple has migrated to the access switch TOR_137 that is connected to the physical server 10.137.59.52.
92
Virtual Awareness of Changes and Dynamic Migration of Network Policies: Log Changes 2. Click the logs to view change details. 1. nCenter is aware of VM changes.
3. Give suggestions if the operation fails.
4. Execute recovery operations after configurations are recovered.
DC nCenter
nCenter displays VM change logs and provides the recovery function to maximize service reliability and provide basis for fault location. 93
Contents
1 2 3 4 5 6 7
Huawei & EBG Overview Click to add Title Market Summary and Positioning Highlights
Product Comparisons Success Stories
Ordering Guide Resources 94
eSight VS HP Basic Network Management HW
eSight standard edition
HP
iMC standard edition
95
Competition Strategy 1. Focus on the topology for routine maintenance, support convenient operations on the topology (for example, querying traffic, performance, and access terminals), and display multi-dimensional network information. 2. Customize the size and style of device icons to display core devices; define the cross-sectional area of links on the topology views to mark and monitor important links; display information such as interface sending/receiving rate and interface incoming/outgoing bandwidth usage; set link colors based on the interface bandwidth usage to quickly detect faults on links. 3. Support link diagnosis on topology views to quickly locate links with poor quality. 4. Set different performance thresholds to generate four levels of alarms: critical, major, minor, and warning, and support viewing of historical performance data.
eSight VS HP Service Components (1) HW
Competition Strategy
HP
iMC SHM
Huawei supports rich NQA indicators, pre-defined best practices, and quick diagnosis. The number of NQA indicators and pre-defined best practices supported by HP SHM is only 2/3 and 1/3 of those of Huawei respectively. Beside, HP SHM does not support quick diagnosis.
NTA
iMC NTA
Huawei provides a unified dashboard to quickly detect traffic abnormality (IPbased, application-based, or QoS-based) on the entire network and a layered traffic analysis model (entire network > network element > port > application). You can customize the dashboard based on actual needs. HP NTA does not provide a dashboard and cannot obtain traffic data layer by layer.
Secure Center
SecCenter - FW manager SecCenter - IPS manager SecCenter - UTM manager SecCenter - IPS-D Manager
Huawei provides policy redundancy analysis, gives suggestions on policy refinement, and supports device robustness assessment. HP SecCenter does not support these functions.
UBA
LogCenter provides the NAT source tracing, security event analysis, and online behavior analysis functions. However, HP UBA provides the online behavior analysis function only. To provide security reports, the UBA must work together with SecCenter.
SLA Manager
LogCenter Manager
96
eSight VS HP Service Components (2) HW
WLAN Manager
MPLS VPN+ MPLS Tunnel Manager
IPSec VPN Manager
nCenter Manager
HP
Competition Strategy
iMC WSM
1. Huawei provides a configuration wizard to perform AP service deployment in five steps, lowering skill requirements. Huawei also supports batch AP import to deploy services on 100 APs within 10 minutes, improving configuration efficiency. HP WSM supports neither a configuration wizard nor batch import. 2. Huawei can authorize APs or ACs independently to facilitate rights control on them. HP authorizes APs only after users are authorized to use the ACs. 3. Huawei supports fault diagnosis at the terminal side and the network side, improving network maintenance efficiency. HP WSM does not support fault diagnosis.
iMC MPLS VPN+MPL S TE Manager
1. Huawei can detect VPN services on the entire network without specifying the device role. To detect VPN services, HP must specify the device role. 2. Huawei provides one-click fault diagnosis for VPN services to quickly detect faults. You only need to select a service, eSight automatically tests the service between the PE and PE, PE and CE, and PE and remote CE. 3. eSight displays E2E service quality based on service links to detect the quality deterioration trend in advance. HP supports neither display of service faults nor service-oriented SLA. 4. eSight can automatically detect tunnels on the entire network and monitor MPLS TE tunnels and LDP tunnels. You can view VPN services transmitted through these tunnels. HP supports management on RSVP TE tunnels.
IPSec VPN Manager
eSight supports quick fault detection on services. The following information can be diagnosed: interface status at two ends, whether IPSec policies are applied to interfaces, whether the policies can initiate IPSec negotiation, IPSec policy integrity, IKE negotiation result, and IPSec negotiation result. HP cannot detect existing IPSec VPN services on the network and can only display IPSec VPN services that are deployed using the NMS. HP does not support fault diagnosis.
iMC VNM
1. eSight allows users to configure policies on multiple servers in batches; however, HP allows users to configure policies on only one server. 2. eSight can configure and manage standard and distributed VSs running VMware. HP cannot configure or manage distributed VSs. 97
eSight VS Cisco Basic Network Management HW
eSight standard edition
Cisco
Cisco Prime LAN Management Solution (At present, the solution is renamed Cisco Prime Infrastructure.)
98
Competition Strategy 1. Focus on the topology for routine maintenance, support convenient operations on the topology (for example, querying traffic, performance, and access terminals), and display multi-dimensional network information. 2. Customize the size and style of device icons to display core devices; define the cross-sectional area of links on the topology views to mark and monitor important links; display information such as interface sending/receiving rate and interface incoming/outgoing bandwidth usage; set link colors based on the interface bandwidth usage to quickly detect faults on links. 3. Support link diagnosis on topology views to quickly locate links with poor quality. 4. Set different performance thresholds to generate four levels of alarms: critical, major, minor, and warning, and support viewing of historical performance data.
eSight VS Cisco Service Components (1) HW
Competition Strategy
Cisco Cisco Prime LAN Management Solution (At present, the solution is renamed Cisco Prime Infrastructure.)
1. Service-oriented SLA management: eSight predefines service types such as video, voice, real-time application, and web portal based on service characteristics to display service quality. For example, eSight has integrated NQA test instances such as HTTP, DNS, and TCP connection for the web portal service. 2. Network quality scoring: eSight integrates Huawei's network management practices to change SLA assessment into vivid scores. Users are not required to understand complex SLA concepts.
NTA
Cisco Prime Network Analysis Module
1. Layered traffic monitoring: eSight provides a layered traffic analysis model (entire network > network element) and a unified dashboard to quickly detect traffic abnormality on the entire network. 2. Mainstream protocols: eSight support mainstream protocols including NetStream, NetFlow, and sFlow. 3. Abnormal traffic controllable: eSight and NTA are integrated as one system to manage and control abnormal traffic based on ACL rules delivered by the smart configuration tool. However, Cisco NAM is an independent component, which does not provide the network configuration and deployment capabilities. It cannot implement traffic control.
Secure Center
Cisco Prime Security
Huawei provides policy redundancy analysis, gives suggestions on policy refinement, and supports device robustness assessment.
SLA Manager
LogCenter Manager
LogCenter provides the NAT source tracing, security event analysis, and online behavior analysis functions. Cisco does not support NAT source tracing.
99
eSight VS Cisco Service Components (2) Cisco
Competition Strategy
WLAN Manager
Cisco Prime Network Control System (At present, the solution is renamed Cisco Prime Infrastructure.)
Huawei supports integrated wired and wireless management and E2E fault diagnosis at the terminal side and the network side. Huawei provides a configuration wizard to perform AP service deployment in five steps, lowering skill requirements. Huawei also supports batch AP import to deploy services on 100 APs within 10 minutes, improving configuration efficiency.
MPLS VPN+ MPLS Tunnel Manager
Large enterprise: Cisco Active Network Abstraction Carrier: Cisco IP Solution Center
Huawei provides one-click fault diagnosis for VPN services to quickly detect faults. You only need to select a service, eSight automatically tests the service between the PE and PE, PE and CE, and PE and remote CE. eSight displays E2E service performance (service traffic and SLA) based on service links to detect the quality deterioration trend in advance.
Cisco Security Manager
eSight supports fault diagnosis for services to troubleshoot network faults. Users can view the detailed negotiation failure causes. eSight manages IPSec VPN services together with the basic network and allows users to view devices and alarms on the topology. Cisco uses the independent integration tool Event Viewer.
Cisco Data Center Network Manager
eSight manages physical and virtual resources on a topology. eSight can display all devices on the entire network on the topology and allows users to view servers and VMs connected to ToR switches, view ToR switches and VMs connected to servers. Network administrators and system administrators can view remote information of each other during the maintenance process. Configurations on the network side automatically migrate during VM migration. eSight allows users to manually recover policies when migration or login fails. Network policies are configured using the RADIUS protocol, improving configuration efficiency. Configurations can be delivered at a rate of 200 times per second, improved 10 to 20 times. Cisco uses its proprietary protocol to discover the virtual topology and uses SNMP and NetConf to deliver configurations, lowering configuration efficiency. SNMP can deliver configurations 10 times per second, and NetConf can deliver configurations 10 to 20 times per second.
HW
IPSec VPN Manager
nCenter Manager
100
Contents
1 2 3 4 5 6 7
Huawei & EBG Overview Click to add Title Market Summary and Positioning Highlights
Product Comparisons Success Stories
Ordering Guide Resources 101
Bank of Brazil eSight Monitors Network Quality Background
Bank of Brazil has branches sparsely distributed across a wide geography. The bank's network carries traffic from a diverse set of devices. The bank had rolled out a VoIP service but its quality was poor. The VoIP device manufacturer claimed device quality was not the problem.
Solution Huawei used the eSight SLA module to monitor the bank's network and tested voice quality with Device NQA. eSight regularly monitored KPIs (such as latency, jitter and packet loss). It sent alarms of potential performance deterioration to help the customer troubleshoot and optimize the network.
Customer Benefits eSight is able to visualize network quality across both customer and leased networks and provides an easy-to-use solution that helps customers build highquality networks that deliver high-quality services.
102
BovenIJ Hospital eSight Platform for IT-Enabled Healthcare System Background BovenIJ sought an IT vendor that could offer a reliable network solution that would implement unified management and reduce O&M costs. The two most important factors for BovenIJ were: 1. Simple management and operation. 2. Interoperability and compatibility.
Solution eSight is a lightweight NMS that uses a browser/server architecture. eSight's modular design provides flexible deployment options across different enterprise network scenarios. eSight can manage devices from multiple vendors using different adaptation packages. Easy secondary development. eSight supports unified management of wired and WLAN devices.
•
Customer Benefits Monitors network devices in real time. eSight helps locate and rectify faults quickly through an alarm topology linkage. Cost and complexity of network maintenance is significantly reduced. Ensures reliable operation of the BovenIJ healthcare network.
103
eSight – a Foundation for Strong Network Planning Background Huawei's many global branches deploy wireless applications and rent carriers' bandwidth across WANs. Huawei needed to identify normal traffic levels and unauthorized traffic spikes. This avoids inefficient investment and ensures normal network operation. The quality of key applications such as voice and video must be monitored and ensured. Huawei IT hopes to quickly locate and disconnect unauthorized IP terminals in order to ensure information security.
Solution eSight SLA monitors end-to-end network quality of key services. When the packet loss ratio, latency, and jitter exceed defined limits, eSight quickly sends alarms to the network administrators. eSight provides an integrated wired/wireless network management solution. This helped rapid WLAN deployment, and provided a uniform topology which facilitated fault location. eSight's traffic analysis monitors traffic on Huawei's global LAN egresses, identifies normal traffic levels, and detects abnormal traffic levels. eSight terminal management prevents network access by unauthorized terminals.
Customer Benefits eSight ensures real-time network monitoring, and overall security. eSight permits Huawei to profile global network traffic and network traffic trends, and resolve problems caused by bandwidth congestion. It is a foundation for strong network planning.
104
Contents
1 2 3 4 5 6 7
Huawei & EBG Overview Click to add Title Market Summary and Positioning Highlights
Product Comparisons Success Stories
Ordering Guide Resources 105
Quotation for Basic Network Management Version Standard
Professional
Compact
Mandatory
Optional (Incremental Managed Scale)
eSight Application Base – Standard (includes 60 device licenses)
eSight Standard eSight Standard eSight Standard eSight Standard eSight Standard
eSight Application Base – Professional (includes 60 device licenses)
eSight Professional NMS License (for 50 incremental devices)
eSight Application Base – Compact (includes 40 device licenses)
Component
Item
Smart Reporter
eSight Smart Reporter
SNMP Northbound Manager
eSight SNMP northbound service
NMS NMS NMS NMS NMS
License (for License (for License (for License (for License (for
25 incremental devices) 100 incremental devices) 300 incremental devices) 1,000 incremental devices) 5,000 incremental devices)
eSight Professional NMS License (for 200 incremental devices) eSight Professional NMS License (for 500 incremental devices) eSight Professional NMS License (for 2,000 incremental devices)
eSight Standard NMS License (for 50 incremental devices) eSight Standard NMS License (for 200 incremental devices) eSight Standard NMS License (for 500 incremental devices) eSight Standard NMS License (for 2,000 incremental devices) eSight Professional NMS License (for 100 incremental devices) eSight Professional NMS License (for 300 incremental devices) eSight Professional NMS License (for 1,000 incremental devices) eSight Professional NMS License (for 5,000 incremental devices)
You cannot add components to the compact edition and it does not support capacity expansion.
Optional Item eSight Smart Reporter-Special Servicescustomized template development (per template)
Description If the default report cannot meet customer requirements, Huawei allows users to customize report templates as required. eSight provides SNMP alarm northbound interfaces.
106
Quotation for Service Components Component
Mandatory
Optional (Incremental Managed Scale)
Remarks
eSight WLAN License-Incremental 5 AP Licenses
eSight WLAN License-Incremental 50 AP Licenses eSight WLAN License-Incremental 100 AP Licenses eSight WLAN License-Incremental 200 AP Licenses eSight WLAN License-Incremental 500 AP Licenses WLAN Manager
eSight WLAN Manager (includes 5 APs)
eSight WLAN License-Incremental 1,000 AP Licenses eSight WLAN License-Incremental 2,000 AP Licenses eSight WLAN License-Incremental 5,000 AP Licenses eSight WLAN Real-Time Location System (RTLS) eSight WLAN RTLS-5 AP Base Location Service Licenses eSight WLAN RTLS-25 AP Base Location Service Licenses
eSight WLAN RTLS-100 AP Base Location Service Licenses eSight MPLS VPN License-Incremental 50 Device Licenses eSight MPLS VPN License-Incremental 100 Device Licenses
MPLS VPN Manager
eSight MPLS VPN License-Incremental 200 Device Licenses eSight MPLS VPN Manager
eSight MPLS VPN License-Incremental 500 Device Licenses
(includes 60 device licenses)
eSight MPLS VPN License-Incremental 1,000 Device Licenses
eSight MPLS VPN License-Unlimited Device Licenses MPLS Tunnel Manager
MPLS Tunnel Manager
SLA Manager
eSight SLA Manager
It is recommended MPLS tunnels need to be managed.
107
Quotation for Service Components Component
DC nCenter
LogCenter Manager
Mandatory
Optional (Incremental Managed Scale)
eSight DC nCenter Manager (includes 1,000 virtual machine licenses)
eSight eSight eSight eSight
DC nCenter DC nCenter DC nCenter DC nCenter
Basic log management functions on eSight LogCenter (including a small-scale log management license)
Basic log management functions on eSight LogCenter (including a small-scale log management license) Extended eSight LogCenter management function components (including third-party device log management and identity association) eSight LogCenter eSight LogCenter log management function promotion packages Small-scale log management license (managing 250 Syslog logs every second for about 25 devices, tracing 1,250 NAT logs with 250 Mbit/s outgoing bandwidth, and supporting 250 GB storage for about 60 days) Medium-scale log management license (managing 1,000 Syslog logs every second for about 100 devices, tracing 5,000 NAT logs with 1 Gbit/s outgoing bandwidth, and supporting 1 TB storage for about 60 days) Large-scale log management license (managing 2,500 Syslog logs every second for about 250 devices, tracing 125,000 NAT logs with 2.5 Gbit/s outgoing bandwidth, and supporting 2.5 TB storage for about 60 days) Storage expansion license for log management components of eSight LogCenter-1 TB Configured only on one Log Collector Storage expansion license for log management components of eSight LogCenter-10 TB Configured only on one Log Collector Storage expansion license for log management components of eSight LogCenter-30 TB Configured only on one Log Collector
108
License-Incremental License-Incremental License-Incremental License-Incremental
1,000 Virtual Machine Licenses 2,000 Virtual Machine Licenses 5,000 Virtual Machine Licenses 10,000 Virtual Machine Licenses
Remarks DC nCenter is supported by the professional edition only.
Quotation for Service Components Component Secure Center
Mandatory eSight Secure Center (includes 5 device licenses)
Optional (Incremental Managed Scale) eSight Secure Center License-Incremental 5 Devices eSight Secure Center License-Incremental 25 Devices
eSight Secure Center Policy Analyzer eSight NTA License-Incremental 1 Device License
Network Traffic Analyzer
eSight NTA
eSight NTA License-Incremental 2 Device Licenses
eSight NTA License-Incremental 5 Device Licenses eSight IPSec VPN License-Incremental 50 Device Licenses eSight IPSec VPN License-Incremental 100 Device Licenses IPSec VPN Manager
eSight IPSec VPN Manager (includes 60 device licenses)
eSight IPSec VPN License-Incremental 200 Device Licenses
eSight IPSec VPN License-Incremental 500 Device Licenses eSight IPSec VPN License-Incremental 1,000 Device Licenses
109
Remarks
Quotation for Dual Server Item
Hardware
Software
Linux dual server medium scale
Linux Dual System PC Server(PC Server-IBM X3650 M4-2*Xeon 6C E5-2640 2.5G Or Above32G(4*8G)-8*300G-3Y5*8)
Linux Dual Server hot System Software for Oracle,Medium Scale,Hard Disk Mode(1*Veritas Software Packge,1*OS,1*DB)
Linux dual server large scale
Linux Dual System PC Server For Large ScaleCommon(PC Server,IBM X3850X5,4*Xeon 8C E7-4820 2.0G Or Above,64G(8*8G),8*300G,3Y5*8)
Linux Dual Server hot System Software for Oracle,Large Scale,Hard Disk Mode(1*Veritas Software Packge,1*OS,1*DB)
Note: Hardware servers required by eSight Dual Server must be quoted and delivered together with eSight and installed by Huawei personnel.
110
Contents
1 2 3 4 5 6 7
Huawei & EBG Overview Click to add Title Market Summary and Positioning Highlights
Product Comparisons Success Stories
Ordering Guide Resources 111
Get the Trial Versions Download: Link
112
How to Get Huawei Document Resource Weapon1: Enterprise Website
http://enterprise.huawei.com/en/
Channel Partner Program
– To learn Partner Policy
Partnership
– To be a partner
Material & Toolkit
– To find material and toolkit
Special Partner Zone
– ISV
Weapon2: Document Email
Where can I find it and give feedback?
[email protected] 113
Weapon 3: Document User Guide
How to Use Huawei Document Resources Brand
Case Studies
Presentations
Brochures
Bidding
Sales Guide
Training
White Papers
Product Photo
Case Study
Product Main Slide (High-level Version)
Product Brochure (Brief edition)
Function List
Sales Strategy Quick Reference
Product Pre-sale Training Materials
White Paper
Product Main Slide (Tech-level Version)
Product Datasheet
Product Comparison List
Sales Strategy Guidance
FAQ
Quick Reference
Ordering Guide
Feature Brochure
Product Description
Module Brochure
EOM&EOS Notice
Article
Product Video
Product Hardware Description Certificate Report
Test Report (3rd party)
User Report
114
Web http://enterprise.huawei.com/en
Email Where can I find it and give feedback?
[email protected]
How to Get Pre-sale Help
[email protected] Huawei Experts Team Partners
Call Center
7*24 hours pre-sales email and
Partners
http://enterprise.huawei.com /en/about/contact
115
telephone support Products and solutions consulting
HUAWEI ENTERPRISE ICT SOLUTIONS A BETTER WAY
Copyright © 2013 Huawei Technologies Co., Ltd. All Rights Reserved. The information in this document may contain predictive statements including, without limitation, statements regarding the future financial and operating results, future product portfolio, new technology, etc. There are a number of factors that could cause actual results and developments to differ materially from those expressed or implied in the predictive statements. Therefore, such information is provided for reference purpose only and constitutes neither an offer nor an acceptance. Huawei may change the information at any time without notice.
