H3C IMC Product Training APR Nico Wang 2010 May Content Next - - PowerPoint PPT Presentation

H3C IMC Product Training

APR Nico Wang 2010 May

 Next Generation Management Concept  IMC Platform Introduction  IMC Configuration Guide

Content

Traditional Management Model

 In the 1980s, the network management standards defined by the Open System Interconnection (OSI) reference model are involved with five major function fields.  In the past two decades, the industry followed the standards defined by the OSI to develop products, and roll out a large variety of network management tools.  The function fields defined by the OSI define the classification of management

• functions. However, the function oriented

classification cannot adapt to the requirement of lean management of IT service. The traditional management mode results in the current situation of "tools available and absence of management" in the industry. Accounting management Fault management Performance management Configuration management Security management

Advanced and flexible technical architecture Integration of user, resource and service Interacting components to form management process

Full-scale integration Open architecture Service collaboration

H3C Management Concept

 Next Generation Management Concept

 Unified Integration  Service Interaction  Open Architecture

 IMC Platform Introduction  IMC Configuration Guide

Content

Three Key Factors of IT Environment

Resource User

S

User oriented Service oriented Dynamic distribution

Improve user satisfaction Improve work efficiency Improve service quality Guarantee the service

• bjectives of the

enterprise Improve resource utility Reduce total cost

 The IT environment is

formed with three major factors, basic resources, IT service and IT user.

 User orientation, flexible

distribution of IT resources and quick response to the changes of service

• bjectives are the basic

requirements on IT support management.

 The IT management system

should adapt to the IT management objectives, reduce maintenance cost, improve service quality and change responsiveness, and maximize the IT value.

Service

Network resource, storage resource and computing resource

Integration of User, Resource & Service

Network resource Storage resource Computing resource

Router, switch and

network formed with router and switch

High-speed packet

forwarding capability

Secure network

access control

Including Windows,

Unix and other types

• f servers as well as

the service software application system

• n the servers

Effective, stable data

computing capability

Resource User

Business leads people to distribute and use IT resources.

Secure use of resources Integration of user and resources

Disk array, tape,

storage management and other storage equipment

Low-cost, easily

expanded storage space

Data security

protection

H3C iMC Functional Organization

Resource User

S

Service Home

Overview of network, user and service information

Network

Integrated management of network resource, fault and performance information

User

Unified management of user access and user security

Service

Process-based service flow management

 Next Generation Management Concept

 Unified Integration  Service Interaction  Open Architecture

 IMC Platform Introduction  IMC Configuration Guide

Content

H3C iMC Service Flow Example

• Network Interacts Resource and User

 Topology displays the connection relationship of network resources and shows the utility status of the network resources.  Unified integration of network management software functions and access certification

H3C iMC Service Flow Example

• Security Interacts Service Flow

IP network

Infected terminal

Port 1 Port 2 Port 3

PC1 PC2 Server

Shut down switch port Disconnect user Trigger anti-virus software to kill virus

Client reports abnormality. iMC Intelligent Management Center

H3C iMC Service Flow Example

• Performance Optimization Service Flow

Headquarters

Branch

WAN link traffic information iMC Intelligent Management Center TopN session Bandwidth utility Application protocol distribution

 Next Generation Management Concept

 Unified Integration  Service Interaction  Open Architecture

 IMC Platform Introduction  IMC Configuration Guide

Content

IMC Open Architecture - SOA

SOA is software architecture and design method, the goal is to organize and use the serve, in order to meet customer's business requirements

Special Tasks Function Collections

Service

S

System Organization Method

Architecture

A

Oriented

O

 Distribution Deployment is the typical application of SOA architecture

Benefit on Open Architecture

Third-party service systems (CRM, ERP, OA…) SOAP/XML/LDAP and other externally open interfaces Configuration service component Performance service component Authenticatio n service component Security service compone nt Third-party service component Storage manageme nt service component Fault service component Computing managemen t service component

 The service systems require internally component-based

• services. Such a feature

facilitates flexible service component reorganization and the integration of third-party services.  The service systems provide externally multiple

• pen interfaces, which

enable the organic integration with the

• riginal service systems
• f the user.

 Next Generation Management Concept  IMC Platform Introduction  IMC Configuration Guide

Content

iMC Overview

IP User

Router Switch Wireless VoIP

iMC Intelligent Management Platform

Integrate IP user, network devices and service manager, offering a unified security, performance and business oriented management platform

IP Network Devices

Users

IP Services

VPN User Management

Component

• End-point Admission

Defense

• User Access Manager
• User Behavior Auditing
• CAMS

Network Service Management Component

• Wireless Service Manager
• Voice Service Manager
• MPLS VPN Manager

Management & Auditing Component

• Network Traffic Analysis
• QoS Manager
• Intelligent Analysis Report

Soon Soon Soon

iMC Platform

0231A87D SWP-IMC-IMPW-EN H3C iMC,Intelligent Management Platform Standard Edition For Windows(50 nodes),Software(CD) English Edition 0231A92C SWP-IMC-IMPWN-EN H3C iMC,Intelligent Management Platform Standard Edition For Windows(without nodes),Software(CD) English Edition 3130A26T LIS-IMC-IMPF-EN-25 H3C iMC,Intelligent Management Platform Standard Edition (English) License,For 25 nodes 3130A21G LIS-IMC-IMPA-EN-50 H3C iMC,Intelligent Management Platform English Edition Standard Edition License,For 50 nodes 3130A21H LIS-IMC-IMPB-EN-100 H3C iMC,Intelligent Management Platform English Edition Standard Edition License,For 100 nodes 3130A21J LIS-IMC-IMPC-EN-200 H3C iMC,Intelligent Management Platform English Edition Standard Edition License,For 200 nodes 3130A21K LIS-IMC-IMPD-EN-500 H3C iMC,Intelligent Management Platform English Edition Standard Edition License,For 500 nodes 3130A21L LIS-IMC-IMPE-EN-1K H3C iMC,Intelligent Management Platform English Edition Standard Edition License,For 1000 nodes

iMC Platform

 Implement the network management related functions, including topology, fault, alarm, performance, etc.  Platform is the foundation for all other components  NMF component

iMC User Management Components

EAD Component User Access Management Component

 Support all EAD functions of the original CAMS platforms, at the same time, increase in software distribution, asset management, control, and other USB peripherals such as desktop management capabilities  Along with iMC platform, implement security management from network equipment to access terminal  Support all functions of the original CAMS, including LAN access, Portal, LDAP, and other components, but does not include billing features

User Behavior Auditing Component

 Support user behavior tracing and auditing,  Support multiple log format  Be able to work with EAD to identify abnormal user.

CAMS

 Multiple user billing model, i.e., time based, traffic based, or fixed monthly cost.  Offer CSI interface for developing third part software  Multiple cost report. Soon Soon

iMC User Management Components

UAM Module 0231A87G SWP-IMC-UAMW-EN H3C iMC,User Access Management Component(1000 Authentication Users),Software(CD) English Edition 3130A21X LIS-IMC-UAMA-EN-1K H3C iMC,User Access Management Component English Edition License,For 1000 Authentication Users EAD Module 0231A87C SWP-IMC-EADW-EN H3C iMC,EAD Security Policy Component (500 Security Authentication Users),Software(CD) English Edition 3130A26P LIS-IMC-EADC-EN-200 H3C iMC,EAD Security Policy Component English Edition License,For 200 Security Authentication Users 3130A21F LIS-IMC-EADA-EN-500 H3C iMC,EAD Security Policy Component English Edition License,For 500 Security Authentication Users 3130A21R LIS-IMC-EADB-EN-1K H3C iMC,EAD Security Policy Component English Edition License,For 1000 Security Authentication Users 3130A26Q LIS-IMC-EADD-EN-2K H3C iMC,EAD Security Policy Component English Edition License,For 2000 Security Authentication Users iNode EAD Client 0231A759 SWP-WIEAC-PFS-EN-H3 H3C iNode, iNode EAD Client Component(for Windows), Software(CD), English Edition, Professional Edition 3130A15R LIS-WIEA-PF200-EN-H3 H3C iNode, iNode EAD Client Component(for Windows) English Edition Professional Edition, Application Software Charge Every 200 Users 3130A26J LIS-WIEA-PF500-EN-H3 H3C iNode, iNode EAD Client Component(for Windows) English Edition Professional Edition, Application Software Charge Every 500 Users 3130A26K LIS-WIEA-PF1000-EN-H3 H3C iNode, iNode EAD Client Component(for Windows) English Edition Professional Edition, Application Software Charge Every 1000 Users 3130A26L LIS-WIEA-PF2000-EN-H3 H3C iNode, iNode EAD Client Component(for Windows) English Edition Professional Edition, Application Software Charge Every 2000 Users

User Access Management Component

UAM

Integrated resource and user High reliability Multiple administration domain & level Portal push Fast client deployment Open Certificate Authentication Self-service Anti ARP attack Access Management

iMC EAD Component

Note:

• H3C EAD component include UAM function.
• iNode for EAD require a license for each installation.

Main Function

• Terminal healthy

detection.

• Force upgrading

software

• Monitoring external

accessories, i.e., USB, printer, etc.

• Support AD/LDAP
• Desktop asset

management

• Multiple AAA function, i.e.,

Radius, 802.1x, portal.

User Behavior Auditing Component

UBA Server

Network Device

Collect log traffic and store in database Statistics and analysis data, generate report. Analysis network packet; Withdraw packet information Output log information

Packet

NetStream/NAT/FLow

Port mirror traffic

DIG log collector

Receiving mirrored traffic Generator log file

Main function

Working wit H3C router and switch, support mirrored traffic Support NAT、FLOW、DIG、 NetStream log format Strong log information analysis capability, include web access, FTP, mail, P2P, iM and etc. Accurate traffic auditing on specified user or port. User behavior based analysis and be able to work with EAD for identify abnormal user. Automatically tracing and analysis user’s behavior based on pre- defined auditing policy. Distributed deployment Filter and aggregate mass log data. Flexible log format translation.

iMC Network Service Management Components

Voice Service Management Wireless Service Management

 Manage and maintain VCX voice gateway, IP telephone and other voice device, as well as evaluate the quality of VoIP service in the network  Work on iMC platform integrated manage VoIP enabled network.  Manage and maintain H3C wireless network device.  Integrated manage wireless service in the enterprise network  Provide add-value wireless service, i.e, location, rogue device detection, RF layout, and so on.

MPLS VPN Component

 MPLS VPN network deployment, service topology, performance monitoring, and auditing functions, achieve end-to-end service management

iMC Network Service Management Components

WSM Module 0231A87J SWP-IMC-WSMW-EN H3C iMC,Wireless Service Manager Component,Software(CD) English Edition 3130A224 LIS-IMC-WSMA-EN-50 H3C iMC,Wireless Service Manager Component English Edition License,For 50 Fit AP 3130A225 LIS-IMC-WSMB-EN-100 H3C iMC,Wireless Service Manager Component English Edition License,For 100 Fit AP 3130A226 LIS-IMC-WSMC-EN-200 H3C iMC,Wireless Service Manager Component English Edition License,For 200 Fit AP 3130A227 LIS-IMC-WSMD-EN-500 H3C iMC,Wireless Service Manager Component English Edition License,For 500 Fit AP 3130A228 LIS-IMC-WSME-EN-1K H3C iMC,Wireless Service Manager Component English Edition License,For 1000 Fit AP 3130A25C LIS-IMC-WSMF-EN-50 H3C iMC,Wireless Service Manager Component English Edition License,For 50 Fat AP 3130A25D LIS-IMC-WSMG-EN-100 H3C iMC,Wireless Service Manager Component English Edition License,For 100 Fat AP 3130A25E LIS-IMC-WSMH-EN-200 H3C iMC,Wireless Service Manager Component English Edition License,For 200 Fat AP 3130A25F LIS-IMC-WSMI-EN-500 H3C iMC,Wireless Service Manager Component English Edition License,For 500 Fat AP 3130A25G LIS-IMC-WSMJ-EN-1K H3C iMC,Wireless Service Manager Component English Edition License,For 1000 Fat AP MPLS VPN Module 0231A87A SWP-IMC-BMVMW-EN H3C iMC,MPLS VPN Manager Component(50 nodes),Software(CD) English Edition 3130A216 LIS-IMC-MVMG-EN H3C iMC,BGP/MPLS VPN Manager Component Pack English Edition License 3130A217 LIS-IMC-MVME-EN H3C iMC,Cisco Device BGP/MPLS VPN Management Software Driver Package English Edition License 3130A218 LIS-IMC-MVMA-EN-50 H3C iMC,MPLS VPN Manager Component English Edition License,For 50 nodes 3130A219 LIS-IMC-MVMB-EN-100 H3C iMC,MPLS VPN Manager Component English Edition License,For 100 nodes 3130A21B LIS-IMC-MVMD-EN-500 H3C iMC,MPLS VPN Manager Component English Edition License,For 500 nodes 3130A21C LIS-IMC-MVMF-EN-1K H3C iMC,MPLS VPN Manager Component English Edition License,For 1000 nodes 3130A21D LIS-IMC-MVMH-EN-3K H3C iMC,MPLS VPN Manager Component English Edition License,For 3000 nodes 3130A21E LIS-IMC-MVMI-EN-UR H3C iMC,MPLS VPN Manager Component English Edition License,Unrestricted 3130A28V LIS-IMC-MVMJ-EN H3C iMC,MPLS TE Manager Component Pack English Edition License

iMC Network Service Management Components

VSM Module 0231A0DP SWP-IMC-VSM-EN H3C iMC, VSM Component (for 100 IP Phones), Software(CD) English Edition 3130A0DN LIS-IMC-VSMA-EN-100 H3C iMC, VSM Component English Edition License, For 100 IP Phones 3130A0DP LIS-IMC-VSMB-EN-500 H3C iMC, VSM Component English Edition License, For 500 IP Phones 3130A0DQ LIS-IMC-VSMC-EN-1K H3C iMC, VSM Component English Edition License, For 1000 IP Phones 3130A0DR LIS-IMC-VSMD-EN-5K H3C iMC, VSM Component English Edition License, For 5000 IP Phones

iMC Wireless Service Management

Rogue Device Detection Integrated

ALL Network Resource

Roaming Tracing RF Management Smart Report

Highlight of WSM

Location Service

iMC Voice Service Management Component

MSR voice Gatewey H3C 31 series IP phone

Voice gateway and SIP terminal Application Call process

VCX IPPBX

Internet

VCX message server VCX voice conference

PSTN

PBX

Traditional phone traditional phone & fax

SIP SIP SIP SIP Third part call center IPSEC VPN

VSM Configuration Upgrading Monitoring Reporting …….

iMC MPLS VPN Management Component

 Support MPLS L3 VPN  Compatible to multiple vendor’s devices  Step by Step service plan wizard.  Network resource and VPN service detection.  High reliability

 VPN configuration auditing  VPN connectivity auditing  Graphical traffic management  Smart alarm mechanism

 Integrated network resource management

Realize a manageable and

• perational VPN network！

iMC Management & Auditing Components

NTA Network Traffic Analysis  Monitoring, Network Traffic Analysis, providing various reports  Can use NetStream equipment, can also use the DIG Probe Mirroring

QoS Management

 QoS policy design and deployment.  QoS monitoring, auditing and cooperate with other iMC modules, i.e, UTA

iAR Report Management

 Collecting and analyzing the network running data from iMC platform or service management modules.  Generate, publish and distribute reports.  User friendly report design tool kit.

Soon

iMC Management & Auditing Components

NTA Module 0231A87K SWP-IMC-NTAW-EN H3C iMC,Network Traffic Analyzer Component,Software(CD) English Edition 0231A817 SWP-IMC-DIGA H3C iMC,DIG Log Probe Component(500M) 3130A229 LIS-IMC-NTAA-EN-1 H3C iMC, Network Traffic Analyzer Component English Edition License, For 1 node 3130A22A LIS-IMC-NTAB-EN-2 H3C iMC, Network Traffic Analyzer Component English Edition License, For 2 nodes 3130A22B LIS-IMC-NTAC-EN-5 H3C iMC, Network Traffic Analyzer Component English Edition License, For 5 nodes QoSM Module 0231A0B0 SWP-IMC-QOSM-EN H3C iMC, QoS Manager Component, Software(CD) English Edition

iMC Network Traffic Analysis Component

UBA Server

Network Device

Collect log traffic and store in database Statistics and analysis data, generate report. Analysis network packet; Withdraw packet information Output log information

Packet

NetStream/NAT/FLow

Port mirror traffic

DIG log collector

Receiving mirrored traffic Generator log file

Main function

Working wit H3C router and switch, support mirrored traffic Support NAT、FLOW、DIG、 NetStream log format Automatically generate more than 10 pre-defined report, which include traffic demand, application, nodes, session and so on. Alarm for abnormal traffic P2P application traffic monitoring and analysis MAC address and host name based traffic monitoring Work with iMC UAM for providing the detail of internet access Real-time database space mornitoring

iMC QoS Management Component

iMC QoSM

 Netowrk QoS design

• iMC topology and

bandwidth usage display

• iMC performance

report

• QoS policy discovery
• End-to-end service

design

 QoS policy deployment

• ACL download
• QoS download
• Intelligent QoS

diagnose

 QoS monitoring, auditing and cooperation

• QoS monitoring
• SLA detection and

report

• iMC NTA traffic analysis

and alarm

• Policy auditing
• Update cooperating

policy

iMC Intelligent Analysis Report Component

iMC pre-defined Report iAR report designer iMC data source iMC service data source Intelligent data analysis（ETL ） iMC Report Platform iMC pre-defined service report Report delivery (E- mail)

iMC iAR

Data collection

• Withdraw performance, alarm and

resource data from iMC platform

• Withdraw service data from service

module

• ……

Data analysis

• Find useful information from mass data

(ETL)

• ……

Report design

• Rich pre-defined report
• Abundant open data source
• Advanced visual report designer. ……

Report publish

• Report publish, queue and export
• ……

Report delivery

• Regular report delivery
• Deliver report via email

 Next Generation Management Concept  IMC Platform Introduction  IMC Configuration Guide

Content

iMC Platform Server Configuration Guide (Windows)

Items Typical Configuration for less than 500 devices (Windows) Typical Configuration for 500-1000 devices (Windows) Typical Configuration for 1000-2000 devices (Windows) CPU Type: >= Intel Xeon EM64T Clock Speed >=3.0 G Hz Cache >= 2MB Type: >= Intel Xeon EM64T Clock Speed >=3.0 G Hz Cache >= 2MB (Dual CPUs are recommended) Type: >= Intel Xeon EM64T Clock Speed >=3.0 G Hz Cache >= 2MB (Dual CPUs are recommended) Memory >= 2GB >= 2GB >= 4GB Hard disk >= 144GB >= 144GB >= 144GB Network adapter 10/100/1000Mb auto- sensing Network adapter 10/100/1000Mb auto- sensing Network adapter 10/100/1000Mb auto- sensing Network adapter Sound card Sound card Sound card Sound card

iMC Platform Server Configuration Guide (Solaris)

Items Typical Configuration for less than 500 devices (Windows) Typical Configuration for 500-1000 devices (Windows) Typical Configuration for 1000-2000 devices (Windows) CPU SUN SPARC >=1.5 G Hz SUN SPARC >=1.5 G Hz (Dual CPUs are recommended) SUN SPARC >=1.5 G Hz (Dual CPUs are recommended) Memory >= 2GB >= 3GB >= 4GB Hard disk >= 80GB >= 160GB >= 160GB Network adapter 10/100/1000Mb auto- sensing Network adapter 10/100/1000Mb auto- sensing Network adapter 10/100/1000Mb auto- sensing Network adapter Sound card Sound card Sound card Sound card

iMC Components Installation Guide

H3C iMC Component Sever Required

iMC PLAT Independent Server (Master) UAM Independent Server .

• when the managed device is less than 100, UAM can put on the

same server with iMC Platform

• When the number of managed user is greater than 10,000, user

self-service module should put on an independent server. EAD Install with UAM CAMS Independent Server MPLS VPN Independent Server NTA Independent Server. It is also allowed to run on several servers. UBA Independent Server. It is also allowed to run on several servers. WSM Independent Server QoSM Install on the same server with iMC Plat.

• When the data collected by SLA module is too big, SLA is

recommended put on an independent server.

Q&A