huawei esight ipsec vpn promotional theme slides huawei esight ipsec vpn management solutionclick to...
TRANSCRIPT
Huawei eSight
IPSec VPN Promotional Theme Slides
Version: V1.0 (2013-10-17)
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 2
Agenda
Click to add Title 2 Huawei eSight IPSec VPN Management Solution
Click to add Title 1 IPSec VPN Network Management Challenges
Click to add Title 3 Competition Analysis
Click to add Title 4 Success Stories
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 3
IPSec VPN Management Challenges
How can I monitor IPSec
network operation?
How can I rapidly locate VPN
device faults?
How to implement visualized management for complicated VPNs to improve
O&M efficiency?
There are too many IPSec VPN
configuration parameters and
commands, making
troubleshooting difficult. How
can I simplify routine
maintenance?
Do VPN tunnels work properly?
How can I rapidly detect
network service interruption?
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 4
Huawei eSight IPSec VPN Management Features
Monitoring
helping O&M
One-click locating
faults
Intelligent automatic discovery
to avoid complicated
networking
Visualized service monitoring
1 1
One-click rapid fault locating
1
Automatically discovers IPSec services and
identifies networking.
2 Rapidly classifies networks.
Provides a graphical interface to monitor
service traffic. Provides brief information to
directly display service operation conditions
on the entire network.
2 Uses lists to monitor VPN tunnel operating
status and key information, such as
alarms, in multiple dimensions.
3 Provides various topology operations,
association between topologies and
alarms, and association between
alarms and service lists to directly
display service faults.
Locates network faults through one click.
2 Provides accurate service fault causes.
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 5
Agenda
Click to add Title 2 Huawei eSight IPSec VPN Management Solution
Click to add Title 1 IPSec VPN Network Management Challenges
Click to add Title 3 Competition Analysis
Click to add Title 4 Success Stories
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 6
Huawei eSight IPSec VPN Management Solution
Deploy
Discover
Monitor Query
Diagnose
Use service lists and
topologies to monitor VPN
performance, service alarms,
and link quality in a centralized
manner.
Use commands or an intelligent
configuration tool to deploy
services on the network.
Use the brief information
pages to help users
understand IPSec VPN
O&M conditions.
Provide one-click fault
diagnosis to help
rapidly locate service
faults.
Discover deployed services to
the eSight for monitoring.
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 7
Intelligent Configuration Tool Deploying IPSec VPN
Services in Batches
1 Use a template to configure IPSec service
parameters to reduce repeated operations. 2 Deploy services in batches to accelerate service deployment.
3 View historical operation records and
results.
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 8
Intelligent Automatic Discovery Enabling Visualized IPSec VPN Service Monitoring
After automatic discovery
is complete, the service
list shows discovered
VPN services.
2 View service topologies and networking.
3
Manage IPSec VPN services through simple operations. 1
Headquarters
Level-1
branches
Level-2
branches
Internet
IPSec VPN
IPSec VPN
IPSec VPN
IPSec VPN
IPSec VPN
eSight IPSec
VPN management
A fault
occurs.
External
branches
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 9
Service Performance Monitoring Improving O&M Efficiency
Monitoring Indicator Purpose
Sending and receiving byte and
packet rates of all IPSec tunnels
Capacity expansion pre-
warning
Sending and receiving byte and
packet rates of a single IPSec
tunnel
User behavior analysis
Packet loss ratios in the sending
and receiving directions of all
IPSec tunnels
IPSec service operation
quality analysis on the
device
Packet loss ratios in the sending
and receiving directions of a single
IPSec tunnel
IPSec service operation
quality analysis on the
tunnel
Incoming and outgoing traffic rates
on an interface
Capacity expansion pre-
warning
Key indicators monitored by IPSec O&M Performance task
establishment: establish
performance collection tasks
and set thresholds for key
indicators.
Alarm monitoring:
monitor threshold-
exceeding alarms and
device alarms.
Real-time performance query:
view details on the real-time
performance query page.
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 10
Network-wide Service Information Overview Helping Rapidly Understand Network Operation Conditions VPN management statistics: visually display network status in terms of physical device type, alarm, service status.
Visual display: histograms and pie charts show network operation quality, helping rapidly identify potential network problems.
Support Tooltip to prompt detailed information.
Support the customization of DashBoard display content.
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 11
One-click Fault Diagnosis Helping Rapidly Locate Service Faults
2 Fault diagnosis helps rapidly analyze service negotiation failure
causes.
View service interruption causes on the alarm page. 1
Headquarters
Level-1
branches
Level-2
branches
Internet
IPSec VPN
IPSec VPN
IPSec VPN
IPSec VPN
IPSec VPN
eSight IPSec VPN
management
A fault
occurs.
External
branches
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 12
Agenda
Click to add Title 2 Huawei eSight IPSec VPN Management Solution
Click to add Title 1 IPSec VPN Network Management Challenges
Click to add Title 3 Competition Analysis
Click to add Title 4 Success Stories
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 13
Competition Analysis: Huawei vs. Cisco Function Huawei Cisco Beating Policies Avoiding Points Dominant Bidding Items
Service
deployment
Supports end-to-end deployment using an
intelligent configuration tool.
Provides pre-
deployment/deployment
capabilities.
Supports service planning and
deployment on the GUI. Supports
service planning using topologies.
Emphasize flexible
configuration and support for
VPN deployment on
diversified networking.
Cisco provides pre-deployment/deployment
capabilities. Huawei does not provide service
deployment on a GUI. Configuration procedure
on Cisco CSM is complicated. In addition, using
a GUI for batch service deployment is
inconvenient. For personnel familiar with
services, intelligent configuration is flexible for
batch service deployment.
Service
discovery
Identifies service networking types and
supports IPSec service discovery in
diversified networking. Supports third-party
interconnection service discovery and the
management of Huawei device-side
services.
Requires networking type selection
before service discovery. Supports
service discovery by importing a
configuration file. Services to be
discovered do not need to be
added to the CSM in advance.
Huawei eSight supports
network-wide service
discovery without networking
type selection.
Huawei eSight supports third-party
interconnection service discovery and the
management of Huawei device-side services, but
does not support service restoration by importing
a configuration file.
Automatic discovery of network-
wide services, including third-
party interconnection services
Service
monitoring
Supports tunnel information query, the
query of currently matched protection
rules, and tunnel up and down records.
Supports the query of outgoing encrypted
service traffic and the packet loss ratio.
Supports the query of outgoing
encrypted service traffic and the
packet loss ratio.
Huawei uses a unified
platform to display service
status and faults. CSM uses
the additional integration tool,
Event Viewer.
Integration of VPN management
and basic network management
Alarm and performance query
on VPN topologies
Service
diagnosis
Supports the check of configuration
integrity, interface operating status, service
binding status, encrypted data matching,
route reachability, and service negotiation.
Does not support service
diagnosis.
Cisco does not support IPSec
service diagnostic tools.
The service fault diagnosis
function helps locate network
faults and allows you to query
negotiation failure causes.
Service
topology
Displays service topology networking and
supports service status query, service
alarm monitoring, and service performance
display on the topology.
Supports service topology
planning. Does not support service
status display on the topology.
Emphasize service status
displayed on the service
topology and association
among performance, alarms,
and service status.
Huawei eSight does not support service topology
planning, but service status can be monitored
based on the service topology.
Alarm and performance query
on VPN topologies
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 14
Competition Analysis: Huawei vs. H3C Function Huawei H3C Beating Policies Avoiding Points Dominant Bidding Items
Service
deployment
Supports end-to-end deployment using an
intelligent configuration tool.
Supports service
deployment on a GUI.
Supports only the
Hub-Spoke
networking (policy
template).
Emphasize that the intelligent configuration tool is
more flexible for batch service deployment and
applies to more scenarios.
Huawei does not provide a GUI
to deploy services. Using a GUI
for batch service deployment is
inconvenient due to complicated
operations. For personnel
familiar with services, intelligent
configuration is flexible for batch
service deployment.
Automatic
discovery
Identifies service networking types and supports
IPSec service discovery in diversified networking.
Supports third-party interconnection service
discovery and the management of Huawei device-
side services.
Does not support
service restoration.
The NMS is seldom used for service deployment
on VPNs with dial-up branches. Instead, a USB
storage device is used or the configuration file is
copied for service deployment. H3C iMC cannot
discover existing NEs for monitoring.
If IPSec VPN tunnels have been configuration on
NEs before the iMC is deployed, these tunnels
cannot be managed as current tunnels or historical
tunnels or displayed in the topology for monitoring.
IPSec VPN service restoration
Service
monitoring
Supports tunnel information query, the query of
currently matched protection rules, and tunnel up
and down records.
Supports the query of outgoing encrypted service
traffic and the packet loss ratio.
Supports VPN tunnel
traffic monitoring and
top N monitoring
reports.
Huawei eSight provides accurate alarms for
negotiation failures.
Service
diagnosis
Supports the check of configuration integrity,
interface operating status, service binding status,
encrypted data matching, route reachability, and
service negotiation.
Not supported H3C does not support IPSec service diagnostic
tools. Negotiation failure cause query
Service
topology
Displays service topology networking and supports
service status query, service alarm monitoring,
and service performance display on the topology.
Provides similar
functions as Huawei.
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 15
Agenda
Click to add Title 2 Huawei eSight IPSec VPN Management Solution
Click to add Title 1 IPSec VPN Network Management Challenges
Click to add Title 3 Competition Analysis
4 Click to add Title Success Stories
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 16
Assisting PetroChina Jiangsu Efficiently Managing Petrol Stations
Internal network of the
provincial company Core switch of the
provincial company Internet
Carrier
egress
Headquarters H3C F1000E
Current Situations: There are many scattered petrol stations, making management difficult.
VPN operating status cannot be monitored.
A total of 500 petrol stations
City
Petrol station network
ADSL
modem USG2000
VPN management
component
IPSec VPN
IPSec VPN [Unified Management]
Automatically discover USGs in cities to the
VPN management component.
Divide the entire network into subnets, so that
each city administrator understands the
operating status of devices in the city.
Assign city-based permissions to city
administrators to ensure that a city
administrator can manage only the devices in
the city, improving information security.
[Centralized Monitoring]
The health status of 500 VPN tunnels is
monitored in real time.
Statistics about top N devices based on
offline alarms and offline durations are
provided.
USG5000
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 17
Ensuring Timely Business Data Transmission for KFC Malaysia
Background: In 2010, the global restaurant chain giant KFC established a network in Malaysia to
transmit business data.
KFC employs advanced management, emphasizes efficiency, has high requirements for
the degree of information, and requires a high level of confidentiality of commercial data.
O&M Values: In numerous KFC stores nationwide, devices are configured and VPNs are
managed in a centralized manner, improving management efficiency.
O&M personnel understand network conditions in real time and analyze
network operating pressures based on multiple types of data.
Added Commercial Values:
Commercial information data is seamlessly integrated to reduce
management costs (equal to increasing profits).
Complete VPN management secures trade secrets and increases
competitiveness in the industry.
The eSight can efficiently
resolve 81% of network
management problems.
1.58% 1.20%
1.24% 1.27%
1.30% 1.36%
1
1.1
1.2
1.3
1.4
-
1,000
2,000
3,000
4,000
2008年 2009年 2010年 2011年 2012年 2013年
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 18
KFC Project Networking
USG5000
Malaysia has 300 to 400 KFC stores.
Internet
VPN management
component
3G
IPSec
VPN
KFC stores are
interconnected with the
bank over a Telekom VPN.
Credit Card Terminal
FTP server
Mail server
TELEKOM
IP VPN
CIMB Bank
POS machine PC
USG2000 1 Mbit/s
512 kbit/s
A switchover occurs
due to a fault.
The fault is rectified.
Encrypted data transmission on
the 3G network guarantees data
reliability.
The VPN management
component connects to each
KFC store through a VPN tunnel
to manage and monitor
encrypted data transmission.
The entire network is visualized
and reliable.
If a fault occurs, the eSight
sends an email or a short
message to rapidly notify the
administrator. The automated
management reduces costs and
improves O&M efficiency.
The USGs in more than
300 KFC stores are
discovered to the eSight for
unified management.
The centralized
configuration function helps
deliver configuration to all
devices at a time.
The VPN management
component at the
headquarters monitors the
running of all VPNs
nationwide.
Services are
switched to the
3G network if
the VPN fails.
[Secure and
Reliable Monitoring]
3G backup network Properly running VPN
[Centralized VPN
Management]
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 19
Providing a Security Network Solution for Polish Ministry of the Interior
Branch1
GDC1
VPN gateway
aggregation
DC VPN gateway
aggregation
E200E-X E200E-X E200E-X
GDC2
Internet
Branch2 Branch3
VPN tunnel
IPSec encryption
Background:
• Ministry of the Interior needs redundant and secure tunnels
for communication.
• More than 500 branches need to connect to the
headquarters.
Solution:
• Deploy two Eudemong1000Es at the headquarters as the
IPSec center. Deploy a Eudemon200E-X1 in each branch to
communicate with the headquarters through a site-to-site
IPSec VPN. Use PKI for authentication. Install the VPN
management component for VPN management.
VPN management
component
O&M Values: Centralized VPN management for massive branches improves
management efficiency.
O&M personnel understand network conditions in real time and
analyze network operating pressures based on multiple types
of data.
HUAWEI ENTERPRISE ICT SOLUTIONS A BETTER WAY