Huawei eSight IPSec VPN Promotional Theme Slides Huawei eSight IPSec VPN Management SolutionClick to add Title ... network operation? ... KFC employs advanced management,

Huawei eSight

IPSec VPN Promotional Theme Slides

Version: V1.0 (2013-10-17)

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 2

Agenda

Click to add Title 2 Huawei eSight IPSec VPN Management Solution

Click to add Title 1 IPSec VPN Network Management Challenges

Click to add Title 3 Competition Analysis

Click to add Title 4 Success Stories


IPSec VPN Management Challenges

How can I monitor IPSec

network operation?

How can I rapidly locate VPN

device faults?

How to implement visualized management for complicated VPNs to improve

O&M efficiency?

There are too many IPSec VPN

configuration parameters and

commands, making

troubleshooting difficult. How

can I simplify routine

maintenance?

Do VPN tunnels work properly?

How can I rapidly detect

network service interruption?


Huawei eSight IPSec VPN Management Features

Monitoring

helping O&M

One-click locating

faults

Intelligent automatic discovery

to avoid complicated

networking

Visualized service monitoring

1 1

One-click rapid fault locating

1

Automatically discovers IPSec services and

identifies networking.

2 Rapidly classifies networks.

Provides a graphical interface to monitor

service traffic. Provides brief information to

directly display service operation conditions

on the entire network.

2 Uses lists to monitor VPN tunnel operating

status and key information, such as

alarms, in multiple dimensions.

3 Provides various topology operations,

association between topologies and

alarms, and association between

alarms and service lists to directly

display service faults.

Locates network faults through one click.

2 Provides accurate service fault causes.


Agenda






Huawei eSight IPSec VPN Management Solution

Deploy

Discover

Monitor Query

Diagnose

Use service lists and

topologies to monitor VPN

performance, service alarms,

and link quality in a centralized

manner.

Use commands or an intelligent

configuration tool to deploy

services on the network.

Use the brief information

pages to help users

understand IPSec VPN

O&M conditions.

Provide one-click fault

diagnosis to help

rapidly locate service

faults.

Discover deployed services to

the eSight for monitoring.


Intelligent Configuration Tool Deploying IPSec VPN

Services in Batches

1 Use a template to configure IPSec service

parameters to reduce repeated operations. 2 Deploy services in batches to accelerate service deployment.

3 View historical operation records and

results.


Intelligent Automatic Discovery Enabling Visualized IPSec VPN Service Monitoring

After automatic discovery

is complete, the service

list shows discovered

VPN services.

2 View service topologies and networking.

3

Manage IPSec VPN services through simple operations. 1

Headquarters

Level-1

branches

Level-2

branches

Internet

IPSec VPN

IPSec VPN

IPSec VPN

IPSec VPN

IPSec VPN

eSight IPSec

VPN management

A fault

occurs.

External

branches


Service Performance Monitoring Improving O&M Efficiency

Monitoring Indicator Purpose

Sending and receiving byte and

packet rates of all IPSec tunnels

Capacity expansion pre-

warning

Sending and receiving byte and

packet rates of a single IPSec

tunnel

User behavior analysis

Packet loss ratios in the sending

and receiving directions of all

IPSec tunnels

IPSec service operation

quality analysis on the

device

Packet loss ratios in the sending

and receiving directions of a single

IPSec tunnel

IPSec service operation

quality analysis on the

tunnel

Incoming and outgoing traffic rates

on an interface

Capacity expansion pre-

warning

Key indicators monitored by IPSec O&M Performance task

establishment: establish

performance collection tasks

and set thresholds for key

indicators.

Alarm monitoring:

monitor threshold-

exceeding alarms and

device alarms.

Real-time performance query:

view details on the real-time

performance query page.


Network-wide Service Information Overview Helping Rapidly Understand Network Operation Conditions VPN management statistics: visually display network status in terms of physical device type, alarm, service status.

Visual display: histograms and pie charts show network operation quality, helping rapidly identify potential network problems.

Support Tooltip to prompt detailed information.

Support the customization of DashBoard display content.


One-click Fault Diagnosis Helping Rapidly Locate Service Faults

2 Fault diagnosis helps rapidly analyze service negotiation failure

causes.

View service interruption causes on the alarm page. 1

Headquarters

Level-1

branches

Level-2

branches

Internet

IPSec VPN

IPSec VPN

IPSec VPN

IPSec VPN

IPSec VPN

eSight IPSec VPN

management

A fault

occurs.

External

branches


Agenda






Competition Analysis: Huawei vs. Cisco Function Huawei Cisco Beating Policies Avoiding Points Dominant Bidding Items

Service

deployment

Supports end-to-end deployment using an

intelligent configuration tool.

Provides pre-

deployment/deployment

capabilities.

Supports service planning and

deployment on the GUI. Supports

service planning using topologies.

Emphasize flexible

configuration and support for

VPN deployment on

diversified networking.

Cisco provides pre-deployment/deployment

capabilities. Huawei does not provide service

deployment on a GUI. Configuration procedure

on Cisco CSM is complicated. In addition, using

a GUI for batch service deployment is

inconvenient. For personnel familiar with

services, intelligent configuration is flexible for

batch service deployment.

Service

discovery

Identifies service networking types and

supports IPSec service discovery in

diversified networking. Supports third-party

interconnection service discovery and the

management of Huawei device-side

services.

Requires networking type selection

before service discovery. Supports

service discovery by importing a

configuration file. Services to be

discovered do not need to be

added to the CSM in advance.

Huawei eSight supports

network-wide service

discovery without networking

type selection.

Huawei eSight supports third-party

interconnection service discovery and the

management of Huawei device-side services, but

does not support service restoration by importing

a configuration file.

Automatic discovery of network-

wide services, including third-

party interconnection services

Service

monitoring

Supports tunnel information query, the

query of currently matched protection

rules, and tunnel up and down records.

Supports the query of outgoing encrypted

service traffic and the packet loss ratio.

Supports the query of outgoing

encrypted service traffic and the

packet loss ratio.

Huawei uses a unified

platform to display service

status and faults. CSM uses

the additional integration tool,

Event Viewer.

Integration of VPN management

and basic network management

Alarm and performance query

on VPN topologies

Service

diagnosis

Supports the check of configuration

integrity, interface operating status, service

binding status, encrypted data matching,

route reachability, and service negotiation.

Does not support service

diagnosis.

Cisco does not support IPSec

service diagnostic tools.

The service fault diagnosis

function helps locate network

faults and allows you to query

negotiation failure causes.

Service

topology

Displays service topology networking and

supports service status query, service

alarm monitoring, and service performance

display on the topology.

Supports service topology

planning. Does not support service

status display on the topology.

Emphasize service status

displayed on the service

topology and association

among performance, alarms,

and service status.

Huawei eSight does not support service topology

planning, but service status can be monitored

based on the service topology.

Alarm and performance query

on VPN topologies


Competition Analysis: Huawei vs. H3C Function Huawei H3C Beating Policies Avoiding Points Dominant Bidding Items

Service

deployment

Supports end-to-end deployment using an

intelligent configuration tool.

Supports service

deployment on a GUI.

Supports only the

Hub-Spoke

networking (policy

template).

Emphasize that the intelligent configuration tool is

more flexible for batch service deployment and

applies to more scenarios.

Huawei does not provide a GUI

to deploy services. Using a GUI

for batch service deployment is

inconvenient due to complicated

operations. For personnel

familiar with services, intelligent

configuration is flexible for batch

service deployment.

Automatic

discovery

Identifies service networking types and supports

IPSec service discovery in diversified networking.

Supports third-party interconnection service

discovery and the management of Huawei device-

side services.

Does not support

service restoration.

The NMS is seldom used for service deployment

on VPNs with dial-up branches. Instead, a USB

storage device is used or the configuration file is

copied for service deployment. H3C iMC cannot

discover existing NEs for monitoring.

If IPSec VPN tunnels have been configuration on

NEs before the iMC is deployed, these tunnels

cannot be managed as current tunnels or historical

tunnels or displayed in the topology for monitoring.

IPSec VPN service restoration

Service

monitoring

Supports tunnel information query, the query of

currently matched protection rules, and tunnel up

and down records.

Supports the query of outgoing encrypted service

traffic and the packet loss ratio.

Supports VPN tunnel

traffic monitoring and

top N monitoring

reports.

Huawei eSight provides accurate alarms for

negotiation failures.

Service

diagnosis

Supports the check of configuration integrity,

interface operating status, service binding status,

encrypted data matching, route reachability, and

service negotiation.

Not supported H3C does not support IPSec service diagnostic

tools. Negotiation failure cause query

Service

topology

Displays service topology networking and supports

service status query, service alarm monitoring,

and service performance display on the topology.

Provides similar

functions as Huawei.


Agenda




4 Click to add Title Success Stories


Assisting PetroChina Jiangsu Efficiently Managing Petrol Stations

Internal network of the

provincial company Core switch of the

provincial company Internet

Carrier

egress

Headquarters H3C F1000E

Current Situations: There are many scattered petrol stations, making management difficult.

VPN operating status cannot be monitored.

A total of 500 petrol stations

City

Petrol station network

ADSL

modem USG2000

VPN management

component

IPSec VPN

IPSec VPN [Unified Management]

Automatically discover USGs in cities to the

VPN management component.

Divide the entire network into subnets, so that

each city administrator understands the

operating status of devices in the city.

Assign city-based permissions to city

administrators to ensure that a city

administrator can manage only the devices in

the city, improving information security.

[Centralized Monitoring]

The health status of 500 VPN tunnels is

monitored in real time.

Statistics about top N devices based on

offline alarms and offline durations are

provided.

USG5000


Ensuring Timely Business Data Transmission for KFC Malaysia

Background: In 2010, the global restaurant chain giant KFC established a network in Malaysia to

transmit business data.

KFC employs advanced management, emphasizes efficiency, has high requirements for

the degree of information, and requires a high level of confidentiality of commercial data.

O&M Values: In numerous KFC stores nationwide, devices are configured and VPNs are

managed in a centralized manner, improving management efficiency.

O&M personnel understand network conditions in real time and analyze

network operating pressures based on multiple types of data.

Added Commercial Values:

Commercial information data is seamlessly integrated to reduce

management costs (equal to increasing profits).

Complete VPN management secures trade secrets and increases

competitiveness in the industry.

The eSight can efficiently

resolve 81% of network

management problems.

1.58% 1.20%

1.24% 1.27%

1.30% 1.36%

1

1.1

1.2

1.3

1.4

-

1,000

2,000

3,000

4,000

2008年 2009年 2010年 2011年 2012年 2013年


KFC Project Networking

USG5000

Malaysia has 300 to 400 KFC stores.

Internet

VPN management

component

3G

IPSec

VPN

KFC stores are

interconnected with the

bank over a Telekom VPN.

Credit Card Terminal

FTP server

Mail server

TELEKOM

IP VPN

CIMB Bank

POS machine PC

USG2000 1 Mbit/s

512 kbit/s

A switchover occurs

due to a fault.

The fault is rectified.

Encrypted data transmission on

the 3G network guarantees data

reliability.

The VPN management

component connects to each

KFC store through a VPN tunnel

to manage and monitor

encrypted data transmission.

The entire network is visualized

and reliable.

If a fault occurs, the eSight

sends an email or a short

message to rapidly notify the

administrator. The automated

management reduces costs and

improves O&M efficiency.

The USGs in more than

300 KFC stores are

discovered to the eSight for

unified management.

The centralized

configuration function helps

deliver configuration to all

devices at a time.

The VPN management

component at the

headquarters monitors the

running of all VPNs

nationwide.

Services are

switched to the

3G network if

the VPN fails.

[Secure and

Reliable Monitoring]

3G backup network Properly running VPN

[Centralized VPN

Management]


Providing a Security Network Solution for Polish Ministry of the Interior

Branch1

GDC1

VPN gateway

aggregation

DC VPN gateway

aggregation

E200E-X E200E-X E200E-X

GDC2

Internet

Branch2 Branch3

VPN tunnel

IPSec encryption

Background:

• Ministry of the Interior needs redundant and secure tunnels

for communication.

• More than 500 branches need to connect to the

headquarters.

Solution:

• Deploy two Eudemong1000Es at the headquarters as the

IPSec center. Deploy a Eudemon200E-X1 in each branch to

communicate with the headquarters through a site-to-site

IPSec VPN. Use PKI for authentication. Install the VPN

management component for VPN management.

VPN management

component

O&M Values: Centralized VPN management for massive branches improves

management efficiency.

O&M personnel understand network conditions in real time and

analyze network operating pressures based on multiple types

of data.

HUAWEI ENTERPRISE ICT SOLUTIONS A BETTER WAY

Documents

Huawei eSight IPSec VPN Promotional Theme Slides Huawei eSight IPSec VPN Management SolutionClick to add Title ... network operation? ... KFC employs advanced management,