h3c imc product training - 群環科技 file/hpn imc.p… · swp-imc-uamw-en. h3c imc,user access...
TRANSCRIPT
H3C IMC Product Training
APR Nico Wang2010 May
Next Generation Management Concept
IMC Platform Introduction
IMC Configuration Guide
Content
Traditional Management Model
In the 1980s, the network management
standards defined by the Open System
Interconnection (OSI) reference model
are involved with five major function fields.
In the past two decades, the industry
followed the standards defined by the OSI
to develop products, and roll out a large
variety of network management tools.
The function fields defined by the OSI
define the classification of management
functions. However, the function oriented
classification cannot adapt to the
requirement of lean management of IT
service.
The traditional management mode results in the current situation of "tools available and absence of management" in the industry.
Accounting management
Fault management
Performance management
Configuration management
Security management
Advanced and flexible technical architecture
Integration of user, resource and service
Interacting components
to form management
process
Full-scale integration
Open architecture
Service collaboration
H3C Management Concept
Next Generation Management Concept Unified Integration
Service Interaction
Open Architecture
IMC Platform Introduction
IMC Configuration Guide
Content
Three Key Factors of IT Environment
Resource
User
S
User oriented
Service oriented
Dynamic distribution
Improve user satisfactionImprove work efficiency
Improve service quality Guarantee the service objectives of the enterprise
Improve resource utility Reduce total cost
The IT environment is formed with three major factors, basic resources, IT service and IT user.
User orientation, flexible distribution of IT resources and quick response to the changes of service objectives are the basic requirements on IT support management.
The IT management system should adapt to the IT management objectives, reduce maintenance cost, improve service quality and change responsiveness, and maximize the IT value.
Service
Network resource, storage resource and computing resource
Integration of User, Resource & Service
Network resource Storage resource Computing resource
Router, switch and network formed with router and switch High-speed packet
forwarding capability Secure network
access control
Including Windows, Unix and other types of servers as well as the service software application system on the serversEffective, stable data
computing capability
Resource User
Business leads people to distribute and use IT resources. Secure use of resources
Integration of user and resources
Disk array, tape, storage management and other storage equipment Low-cost, easily
expanded storage space Data security
protection
H3C iMC Functional Organization
Resource
User
S
Service
HomeOverview of network, user and service information
NetworkIntegrated management of network resource,
fault and performance information
UserUnified management of user access and user security
ServiceProcess-based service flow management
Next Generation Management Concept Unified Integration
Service Interaction
Open Architecture
IMC Platform Introduction
IMC Configuration Guide
Content
H3C iMC Service Flow Example - Network Interacts Resource and User
Topology displays
the connection
relationship of
network resources
and shows the utility
status of the network
resources.
Unified integration of
network management
software functions and
access certification
H3C iMC Service Flow Example - Security Interacts Service Flow
IP network
Infected terminal
Port 1
Port 2
Port 3PC1
PC2
Server
Shut down switch port Disconnect user Trigger anti-virus software to kill virus
Client reports
abnormality.
iMC Intelligent Management Center
H3C iMC Service Flow Example - Performance Optimization Service Flow
Headquarters
Branch
WAN link traffic information
iMC Intelligent Management Center
TopN session
Bandwidth utility
Application protocol distribution
Next Generation Management Concept Unified Integration
Service Interaction
Open Architecture
IMC Platform Introduction
IMC Configuration Guide
Content
IMC Open Architecture - SOA
SOA is software architecture and design method, the goal is to organize and use the serve, in order to meet customer's business requirements
Special TasksFunction
Collections
ServiceS
System Organization
Method
ArchitectureA
OrientedO
Distribution Deployment is the typical application of SOA
architecture
Benefit on Open Architecture
Third-party service systems (CRM, ERP, OA…)
SOAP/XML/LDAP and other externally open interfaces
Configuration service component Performance
service component
Authentication service
component
Security service component
Third-party service
component
Storage management service
component
Fault service component
Computing managemen
t service component
The service systems
require internally
component-based
services. Such a feature
facilitates flexible service
component reorganization
and the integration of
third-party services.
The service systems
provide externally multiple
open interfaces, which
enable the organic
integration with the
original service systems
of the user.
Next Generation Management Concept
IMC Platform Introduction
IMC Configuration Guide
Content
iMC Overview
IP User
Router Switch Wireless VoIP
iMC Intelligent Management Platform
Integrate IP user, network devices and service manager, offering a unified security, performance and business oriented management platform
IP Network Devices
Users
IP Services
VPN
User ManagementComponent
• End-point Admission Defense
• User Access Manager
• User Behavior Auditing
• CAMS
Network Service Management Component
• Wireless Service Manager
• Voice Service Manager
• MPLS VPN Manager
Management & Auditing Component
• Network Traffic Analysis
• QoS Manager
• Intelligent Analysis ReportSoon
Soon
Soon
iMC Platform
0231A87D SWP-IMC-IMPW-ENH3C iMC,Intelligent Management Platform Standard Edition For Windows(50 nodes),Software(CD) English Edition
0231A92C SWP-IMC-IMPWN-ENH3C iMC,Intelligent Management Platform Standard Edition For Windows(without nodes),Software(CD) English Edition
3130A26T LIS-IMC-IMPF-EN-25H3C iMC,Intelligent Management Platform Standard Edition (English) License,For 25 nodes
3130A21G LIS-IMC-IMPA-EN-50H3C iMC,Intelligent Management Platform English Edition Standard Edition License,For 50 nodes
3130A21H LIS-IMC-IMPB-EN-100H3C iMC,Intelligent Management Platform English Edition Standard Edition License,For 100 nodes
3130A21J LIS-IMC-IMPC-EN-200H3C iMC,Intelligent Management Platform English Edition Standard Edition License,For 200 nodes
3130A21K LIS-IMC-IMPD-EN-500H3C iMC,Intelligent Management Platform English Edition Standard Edition License,For 500 nodes
3130A21L LIS-IMC-IMPE-EN-1KH3C iMC,Intelligent Management Platform English Edition Standard Edition License,For 1000 nodes
iMC Platform Implement the network management related functions, including topology,
fault, alarm, performance, etc.
Platform is the foundation for all other components
NMF component
iMC User Management Components
EAD Component
User AccessManagement Component
Support all EAD functions of the original CAMS platforms, at the same time, increase in
software distribution, asset management, control, and other USB peripherals such as
desktop management capabilities
Along with iMC platform, implement security management from network equipment to
access terminal
Support all functions of the original CAMS, including LAN access, Portal, LDAP, and other
components, but does not include billing features
User Behavior Auditing
Component
Support user behavior tracing and auditing,
Support multiple log format
Be able to work with EAD to identify abnormal user.
CAMS Multiple user billing model, i.e., time based, traffic based, or fixed monthly cost.
Offer CSI interface for developing third part software
Multiple cost report.
Soon
Soon
iMC User Management ComponentsUAM Module
0231A87G SWP-IMC-UAMW-ENH3C iMC,User Access Management Component(1000 Authentication Users),Software(CD) English Edition
3130A21X LIS-IMC-UAMA-EN-1KH3C iMC,User Access Management Component English Edition License,For 1000 Authentication Users
EAD Module
0231A87C SWP-IMC-EADW-ENH3C iMC,EAD Security Policy Component (500 Security Authentication Users),Software(CD) English Edition
3130A26P LIS-IMC-EADC-EN-200H3C iMC,EAD Security Policy Component English Edition License,For 200 Security Authentication Users
3130A21F LIS-IMC-EADA-EN-500H3C iMC,EAD Security Policy Component English Edition License,For 500 Security Authentication Users
3130A21R LIS-IMC-EADB-EN-1KH3C iMC,EAD Security Policy Component English Edition License,For 1000 Security Authentication Users
3130A26Q LIS-IMC-EADD-EN-2KH3C iMC,EAD Security Policy Component English Edition License,For 2000 Security Authentication Users
iNode EAD Client
0231A759 SWP-WIEAC-PFS-EN-H3H3C iNode, iNode EAD Client Component(for Windows), Software(CD), English Edition, Professional Edition
3130A15R LIS-WIEA-PF200-EN-H3H3C iNode, iNode EAD Client Component(for Windows) English Edition Professional Edition, Application Software Charge Every 200 Users
3130A26J LIS-WIEA-PF500-EN-H3H3C iNode, iNode EAD Client Component(for Windows) English Edition Professional Edition, Application Software Charge Every 500 Users
3130A26K LIS-WIEA-PF1000-EN-H3H3C iNode, iNode EAD Client Component(for Windows) English Edition Professional Edition, Application Software Charge Every 1000 Users
3130A26L LIS-WIEA-PF2000-EN-H3H3C iNode, iNode EAD Client Component(for Windows) English Edition Professional Edition, Application Software Charge Every 2000 Users
User Access Management Component
UAM
Integrated resource and user
High reliability
Multiple administration domain & level
Portal push
Fast clientdeployment
Open
Certificate Authentication
Self-service
Anti ARP attack
Access Management
iMC EAD Component
Note: • H3C EAD component include UAM function. • iNode for EAD require a license for each installation.
Main Function
• Terminal healthy detection.
• Force upgrading software
• Monitoring external accessories, i.e., USB, printer, etc.
• Support AD/LDAP
• Desktop asset management
• Multiple AAA function, i.e., Radius, 802.1x, portal.
User Behavior Auditing Component
UBA Server
Network DeviceCollect log traffic and store in databaseStatistics and analysis data, generate report.
Analysis network packet; Withdraw packet information Output log information
Packet
NetStream/NAT/FLow
Port mirror traffic
DIG log collector
Receiving mirrored trafficGenerator log file
Main function
Working wit H3C router and switch, support mirrored traffic
Support NAT、FLOW、DIG、NetStream log format
Strong log information analysis capability, include web access, FTP, mail, P2P, iM and etc.
Accurate traffic auditing on specified user or port.
User behavior based analysis and be able to work with EAD for identify abnormal user.
Automatically tracing and analysis user’s behavior based on pre-defined auditing policy.
Distributed deployment
Filter and aggregate mass log data.
Flexible log format translation.
iMC Network Service Management Components
Voice Service Management
Wireless Service
Management
Manage and maintain VCX voice gateway, IP telephone and other voice
device, as well as evaluate the quality of VoIP service in the network
Work on iMC platform integrated manage VoIP enabled network.
Manage and maintain H3C wireless network device.
Integrated manage wireless service in the enterprise network
Provide add-value wireless service, i.e, location, rogue device detection, RF
layout, and so on.
MPLS VPN Component
MPLS VPN network deployment, service topology, performance monitoring,
and auditing functions, achieve end-to-end service management
iMC Network Service Management ComponentsWSM Module
0231A87J SWP-IMC-WSMW-EN H3C iMC,Wireless Service Manager Component,Software(CD) English Edition
3130A224 LIS-IMC-WSMA-EN-50 H3C iMC,Wireless Service Manager Component English Edition License,For 50 Fit AP
3130A225 LIS-IMC-WSMB-EN-100 H3C iMC,Wireless Service Manager Component English Edition License,For 100 Fit AP
3130A226 LIS-IMC-WSMC-EN-200 H3C iMC,Wireless Service Manager Component English Edition License,For 200 Fit AP
3130A227 LIS-IMC-WSMD-EN-500 H3C iMC,Wireless Service Manager Component English Edition License,For 500 Fit AP
3130A228 LIS-IMC-WSME-EN-1K H3C iMC,Wireless Service Manager Component English Edition License,For 1000 Fit AP
3130A25C LIS-IMC-WSMF-EN-50 H3C iMC,Wireless Service Manager Component English Edition License,For 50 Fat AP
3130A25D LIS-IMC-WSMG-EN-100 H3C iMC,Wireless Service Manager Component English Edition License,For 100 Fat AP
3130A25E LIS-IMC-WSMH-EN-200 H3C iMC,Wireless Service Manager Component English Edition License,For 200 Fat AP
3130A25F LIS-IMC-WSMI-EN-500 H3C iMC,Wireless Service Manager Component English Edition License,For 500 Fat AP
3130A25G LIS-IMC-WSMJ-EN-1K H3C iMC,Wireless Service Manager Component English Edition License,For 1000 Fat AP
MPLS VPN Module
0231A87A SWP-IMC-BMVMW-EN H3C iMC,MPLS VPN Manager Component(50 nodes),Software(CD) English Edition
3130A216 LIS-IMC-MVMG-EN H3C iMC,BGP/MPLS VPN Manager Component Pack English Edition License
3130A217 LIS-IMC-MVME-ENH3C iMC,Cisco Device BGP/MPLS VPN Management Software Driver Package English Edition License
3130A218 LIS-IMC-MVMA-EN-50 H3C iMC,MPLS VPN Manager Component English Edition License,For 50 nodes
3130A219 LIS-IMC-MVMB-EN-100 H3C iMC,MPLS VPN Manager Component English Edition License,For 100 nodes
3130A21B LIS-IMC-MVMD-EN-500 H3C iMC,MPLS VPN Manager Component English Edition License,For 500 nodes
3130A21C LIS-IMC-MVMF-EN-1K H3C iMC,MPLS VPN Manager Component English Edition License,For 1000 nodes
3130A21D LIS-IMC-MVMH-EN-3K H3C iMC,MPLS VPN Manager Component English Edition License,For 3000 nodes
3130A21E LIS-IMC-MVMI-EN-UR H3C iMC,MPLS VPN Manager Component English Edition License,Unrestricted
3130A28V LIS-IMC-MVMJ-EN H3C iMC,MPLS TE Manager Component Pack English Edition License
iMC Network Service Management Components
VSM Module
0231A0DP SWP-IMC-VSM-EN H3C iMC, VSM Component (for 100 IP Phones), Software(CD) English Edition
3130A0DN LIS-IMC-VSMA-EN-100 H3C iMC, VSM Component English Edition License, For 100 IP Phones
3130A0DP LIS-IMC-VSMB-EN-500 H3C iMC, VSM Component English Edition License, For 500 IP Phones
3130A0DQ LIS-IMC-VSMC-EN-1K H3C iMC, VSM Component English Edition License, For 1000 IP Phones
3130A0DR LIS-IMC-VSMD-EN-5K H3C iMC, VSM Component English Edition License, For 5000 IP Phones
iMC Wireless Service Management
RogueDevice
DetectionIntegrated
ALL Network Resource
RoamingTracing
RF Management
Smart Report
Highlight of WSM
Location Service
iMC Voice Service Management Component
MSR voice Gatewey H3C 31 series IP phone
Voice gateway and SIP terminal
Application
Call process
VCX IPPBXInternet
VCX message server
VCX voice conference
PSTNPBX
Traditional phonetraditional phone
& fax
SIPSIP
SIPSIP
Third part call center
IPSEC VPN
VSM
Configuration
Upgrading
Monitoring
Reporting
…….
iMC MPLS VPN Management Component
Support MPLS L3 VPN
Compatible to multiple vendor’s devices
Step by Step service plan wizard.
Network resource and VPN service detection.
High reliability VPN configuration auditing
VPN connectivity auditing
Graphical traffic management
Smart alarm mechanism
Integrated network resource management Realize a manageable and
operational VPN network!
iMC Management & Auditing Components
NTA Network Traffic Analysis
Monitoring, Network Traffic Analysis, providing various reports
Can use NetStream equipment, can also use the DIG Probe Mirroring
QoS Management
QoS policy design and deployment.
QoS monitoring, auditing and cooperate with other iMC modules, i.e, UTA
iARReport Management
Collecting and analyzing the network running data from iMC platform or
service management modules.
Generate, publish and distribute reports.
User friendly report design tool kit.
Soon
iMC Management & Auditing Components
NTA Module
0231A87K SWP-IMC-NTAW-ENH3C iMC,Network Traffic Analyzer Component,Software(CD) English Edition
0231A817 SWP-IMC-DIGA H3C iMC,DIG Log Probe Component(500M)
3130A229 LIS-IMC-NTAA-EN-1H3C iMC, Network Traffic Analyzer Component English Edition License, For 1 node
3130A22A LIS-IMC-NTAB-EN-2H3C iMC, Network Traffic Analyzer Component English Edition License, For 2 nodes
3130A22B LIS-IMC-NTAC-EN-5H3C iMC, Network Traffic Analyzer Component English Edition License, For 5 nodes
QoSM Module
0231A0B0 SWP-IMC-QOSM-ENH3C iMC, QoS Manager Component, Software(CD) English Edition
iMC Network Traffic Analysis Component
UBA Server
Network DeviceCollect log traffic and store in databaseStatistics and analysis data, generate report.
Analysis network packet; Withdraw packet information Output log information
Packet
NetStream/NAT/FLow
Port mirror traffic
DIG log collector
Receiving mirrored trafficGenerator log file Main function
Working wit H3C router and switch, support mirrored traffic
Support NAT、FLOW、DIG、NetStream log format
Automatically generate more than 10 pre-defined report, which include traffic demand, application, nodes, session and so on.
Alarm for abnormal traffic
P2P application traffic monitoring and analysis
MAC address and host name based traffic monitoring
Work with iMC UAM for providing the detail of internet access
Real-time database space mornitoring
iMC QoS Management Component
iMCQoSM
Netowrk QoS design
• iMC topology and bandwidth usage display
• iMC performance report
• QoS policy discovery• End-to-end service
design
QoS policy deployment
• ACL download• QoS download• Intelligent QoS
diagnose
QoS monitoring, auditing and cooperation
• QoS monitoring• SLA detection and
report• iMC NTA traffic analysis
and alarm• Policy auditing• Update cooperating
policy
iMC Intelligent Analysis Report Component
iMC pre-defined Report
iAR report designer
iMC data source
iMC service data source
Intelligent data analysis(ETL
)
iMC Report
Platform
iMC pre-defined service report
Report delivery (E-mail)
iMC iAR
Data collection Withdraw performance, alarm and
resource data from iMC platformWithdraw service data from service
module ……Data analysis Find useful information from mass data
(ETL)……Report design Rich pre-defined report Abundant open data source Advanced visual report designer. …… Report publish Report publish, queue and export……Report delivery Regular report delivery Deliver report via email
Next Generation Management Concept
IMC Platform Introduction
IMC Configuration Guide
Content
iMC Platform Server Configuration Guide (Windows)
ItemsTypical Configuration for less than 500 devices (Windows)
Typical Configuration for 500-1000 devices (Windows)
Typical Configuration for 1000-2000 devices (Windows)
CPU
Type: >= Intel Xeon EM64TClock Speed >=3.0 G Hz Cache >= 2MB
Type: >= Intel Xeon EM64TClock Speed >=3.0 G Hz Cache >= 2MB(Dual CPUs are recommended)
Type: >= Intel Xeon EM64TClock Speed >=3.0 G Hz Cache >= 2MB(Dual CPUs are recommended)
Memory >= 2GB >= 2GB >= 4GB
Hard disk
>= 144GB >= 144GB >= 144GB
Network adapter
10/100/1000Mb auto-sensing Network adapter
10/100/1000Mb auto-sensing Network adapter
10/100/1000Mb auto-sensing Network adapter
Sound card
Sound card Sound card Sound card
iMC Platform Server Configuration Guide (Solaris)
ItemsTypical Configuration for less than 500 devices (Windows)
Typical Configuration for 500-1000 devices (Windows)
Typical Configuration for 1000-2000 devices (Windows)
CPU SUN SPARC>=1.5 G Hz
SUN SPARC >=1.5 G Hz (Dual CPUs are recommended)
SUN SPARC >=1.5 G Hz (Dual CPUs are recommended)
Memory >= 2GB >= 3GB >= 4GB
Hard disk
>= 80GB >= 160GB >= 160GB
Network adapter
10/100/1000Mb auto-sensing Network adapter
10/100/1000Mb auto-sensing Network adapter
10/100/1000Mb auto-sensing Network adapter
Sound card
Sound card Sound card Sound card
iMC Components Installation Guide
H3C iMC Component Sever RequirediMC PLAT Independent Server (Master)
UAM
Independent Server .• when the managed device is less than 100, UAM can put on the
same server with iMC Platform• When the number of managed user is greater than 10,000, user
self-service module should put on an independent server.
EAD Install with UAM
CAMS Independent Server
MPLS VPN Independent Server
NTA Independent Server. It is also allowed to run on several servers.
UBA Independent Server. It is also allowed to run on several servers.
WSM Independent Server
QoSMInstall on the same server with iMC Plat. • When the data collected by SLA module is too big, SLA is
recommended put on an independent server.
Q&A