H3C IMC Product Training APR Nico Wang 2010 May Next Generation Management Concept IMC Platform Introduction IMC Configuration Guide Content Traditional Management Model In the 1980s, the network management standards defined by the Open System Interconnection (OSI) reference model are involved with five major function fields. In the past two decades, the industry followed the standards defined by the OSI to develop products, and roll out a large variety of network management tools. The function fields defined by the OSI define the classification of management functions. However, the function oriented classification cannot adapt to the requirement of lean management of IT service. The traditional management mode results in the current situation of "tools available and absence of management" in the industry. The traditional management mode results in the current situation of "tools available and absence of management" in the industry. Accounting management Fault management Performance management Configuration management Security management Advanced and flexible technical architecture Integration of user, resource and service Interacting components to form management process Full-scale integration Open architecture Service collaboration H3C Management Concept Next Generation Management Concept Unified Integration Service Interaction Open Architecture IMC Platform Introduction IMC Configuration Guide Content Three Key Factors of IT Environment Resource User S User oriented Service oriented Dynamic distribution Improve user satisfaction Improve work efficiency Improve user satisfaction Improve work efficiency Improve service quality Guarantee the service objectives of the enterprise Improve service quality Guarantee the service objectives of the enterprise Improve resource utility Reduce total cost Improve resource utility Reduce total cost The IT environment is formed with three major factors, basic resources, IT service and IT user. User orientation, flexible distribution of IT resources and quick response to the changes of service objectives are the basic requirements on IT support management. The IT management system should adapt to the IT management objectives, reduce maintenance cost, improve service quality and change responsiveness, and maximize the IT value. Service Network resource, storage resource and computing resource Integration of User, Resource & Service Network resource Storage resource Computing resource Router, switch and network formed with router and switch High-speed packet forwarding capability Secure network access control Including Windows, Unix and other types of servers as well as the service software application system on the servers Effective, stable data computing capability Resource User Business leads people to distribute and use IT resources. Secure use of resources Integration of user and resources Disk array, tape, storage management and other storage equipment Low-cost, easily expanded storage space Data security protection H3C iMC Functional Organization Resource User S Service Home Overview of network, user and service information Network Integrated management of network resource, fault and performance information User Unified management of user access and user security Service Process-based service flow management Next Generation Management Concept Unified Integration Service Interaction Open Architecture IMC Platform Introduction IMC Configuration Guide Content H3C iMC Service Flow Example - Network Interacts Resource and User Topology displays the connection relationship of network resources and shows the utility status of the network resources. Unified integration of network management software functions and access certification H3C iMC Service Flow Example - Security Interacts Service Flow Infected terminal Port 1 Port 2 Port 3 PC1 PC2 Server Shut down switch port Disconnect user Trigger anti-virus software to kill virus Client reports abnormality. iMC Intelligent Management Center H3C iMC Service Flow Example - Performance Optimization Service Flow Headquarters Branch WAN link traffic information iMC Intelligent Management Center TopN session Bandwidth utility Application protocol distribution Next Generation Management Concept Unified Integration Service Interaction Open Architecture IMC Platform Introduction IMC Configuration Guide Content IMC Open Architecture - SOA SOA is software architecture and design method, the goal is to organize and use the serve, in order to meet customer's business requirements Special Tasks Function Collections Service S System Organization Method Architecture A Oriented O Distribution Deployment is the typical application of SOA architecture Benefit on Open Architecture Third-party service systems (CRM, ERP, OA) SOAP/XML/LDAP and other externally open interfaces Configuration service component Performance service component Authenticatio n service component Security service compone nt Third-party service component Storage manageme nt service component Fault service component Computing managemen t service component The service systems require internally component-based services. Such a feature facilitates flexible service component reorganization and the integration of third-party services. The service systems provide externally multiple open interfaces, which enable the organic integration with the original service systems of the user. Next Generation Management Concept IMC Platform Introduction IMC Configuration Guide Content iMC Overview IP User Router SwitchWirelessVoIP iMC Intelligent Management Platform Integrate IP user, network devices and service manager, offering a unified security, performance and business oriented management platform IP Network Devices Users IP Services VPN User Management Component End-point Admission Defense User Access Manager User Behavior Auditing CAMS Network Service Management Component Wireless Service Manager Voice Service Manager MPLS VPN Manager Management & Auditing Component Network Traffic Analysis QoS Manager Intelligent Analysis Report Soon iMC Platform 0231A87DSWP-IMC-IMPW-EN H3C iMC,Intelligent Management Platform Standard Edition For Windows(50 nodes),Software(CD) English Edition 0231A92CSWP-IMC-IMPWN-EN H3C iMC,Intelligent Management Platform Standard Edition For Windows(without nodes),Software(CD) English Edition 3130A26TLIS-IMC-IMPF-EN-25 H3C iMC,Intelligent Management Platform Standard Edition (English) License,For 25 nodes 3130A21GLIS-IMC-IMPA-EN-50 H3C iMC,Intelligent Management Platform English Edition Standard Edition License,For 50 nodes 3130A21HLIS-IMC-IMPB-EN-100 H3C iMC,Intelligent Management Platform English Edition Standard Edition License,For 100 nodes 3130A21JLIS-IMC-IMPC-EN-200 H3C iMC,Intelligent Management Platform English Edition Standard Edition License,For 200 nodes 3130A21KLIS-IMC-IMPD-EN-500 H3C iMC,Intelligent Management Platform English Edition Standard Edition License,For 500 nodes 3130A21LLIS-IMC-IMPE-EN-1K H3C iMC,Intelligent Management Platform English Edition Standard Edition License,For 1000 nodes iMC Platform Implement the network management related functions, including topology, fault, alarm, performance, etc. Platform is the foundation for all other components NMF component iMC User Management Components EAD Component User Access Management Component Support all EAD functions of the original CAMS platforms, at the same time, increase in software distribution, asset management, control, and other USB peripherals such as desktop management capabilities Along with iMC platform, implement security management from network equipment to access terminal Support all functions of the original CAMS, including LAN access, Portal, LDAP, and other components, but does not include billing features User Behavior Auditing Component Support user behavior tracing and auditing, Support multiple log format Be able to work with EAD to identify abnormal user. CAMS Multiple user billing model, i.e., time based, traffic based, or fixed monthly cost. Offer CSI interface for developing third part software Multiple cost report. Soon iMC User Management Components UAM Module 0231A87GSWP-IMC-UAMW-EN H3C iMC,User Access Management Component(1000 Authentication Users),Software(CD) English Edition 3130A21XLIS-IMC-UAMA-EN-1K H3C iMC,User Access Management Component English Edition License,For 1000 Authentication Users EAD Module 0231A87CSWP-IMC-EADW-EN H3C iMC,EAD Security Policy Component (500 Security Authentication Users),Software(CD) English Edition 3130A26PLIS-IMC-EADC-EN-200 H3C iMC,EAD Security Policy Component English Edition License,For 200 Security Authentication Users 3130A21FLIS-IMC-EADA-EN-500 H3C iMC,EAD Security Policy Component English Edition License,For 500 Security Authentication Users 3130A21RLIS-IMC-EADB-EN-1K H3C iMC,EAD Security Policy Component English Edition License,For 1000 Security Authentication Users 3130A26QLIS-IMC-EADD-EN-2K H3C iMC,EAD Security Policy Component English Edition License,For 2000 Security Authentication Users iNode EAD Client 0231A759SWP-WIEAC-PFS-EN-H3 H3C iNode, iNode EAD Client Component(for Windows), Software(CD), English Edition, Professional Edition 3130A15RLIS-WIEA-PF200-EN-H3 H3C iNode, iNode EAD Client Component(for Windows) English Edition Professional Edition, Application Software Charge Every 200 Users 3130A26JLIS-WIEA-PF500-EN-H3 H3C iNode, iNode EAD Client Component(for Windows) English Edition Professional Edition, Application Software Charge Every 500 Users 3130A26KLIS-WIEA-PF1000-EN-H3 H3C iNode, iNode EAD Client Component(for Windows) English Edition Professional Edition, Application Software Charge Every 1000 Users 3130A26LLIS-WIEA-PF2000-EN-H3 H3C iNode, iNode EAD Client Component(for Windows) English Edition Professional Edition, Application Software Charge Every 2000 Users User Access Management Component UAM Integrated resource and user High reliability Multiple administration domain & level Portal push Fast client deployment Open Certificate Authentication Self-service Anti ARP attack Access Management iMC EAD Component Note: H3C EAD component include UAM function. iNode for EAD require a license for each installation. Main Function Terminal healthy detection. Force upgrading software Monitoring external accessories, i.e., USB, printer, etc. Support AD/LDAP Desktop asset management Multiple AAA function, i.e., Radius, 802.1x, portal. User Behavior Auditing Component UBA Server Network Device Collect log traffic and store in database Statistics and analysis data, generate report. Analysis network packet; Withdraw packet information Output log information Packet NetStream/NAT/FLow Port mirror traffic DIG log collector Receiving mirrored traffic Generator log file Main function Working wit H3C router and switch, support mirrored traffic Support NAT FLOW DIG NetStream log format Strong log information analysis capability, include web access, FTP, mail, P2P, iM and etc. Accurate traffic auditing on specified user or port. User behavior based analysis and be able to work with EAD for identify abnormal user. Automatically tracing and analysis users behavior based on pre- defined auditing policy. Distributed deployment Filter and aggregate mass log data. Flexible log format translation. iMC Network Service Management Components Voice Service Management Wireless Service Management Manage and maintain VCX voice gateway, IP telephone and other voice device, as well as evaluate the quality of VoIP service in the network Work on iMC platform integrated manage VoIP enabled network. Manage and maintain H3C wireless network device. Integrated manage wireless service in the enterprise network Provide add-value wireless service, i.e, location, rogue device detection, RF layout, and so on. MPLS VPN Component MPLS VPN network deployment, service topology, performance monitoring, and auditing functions, achieve end-to-end service management iMC Network Service Management Components WSM Module 0231A87JSWP-IMC-WSMW-ENH3C iMC,Wireless Service Manager Component,Software(CD) English Edition 3130A224LIS-IMC-WSMA-EN-50H3C iMC,Wireless Service Manager Component English Edition License,For 50 Fit AP 3130A225LIS-IMC-WSMB-EN-100H3C iMC,Wireless Service Manager Component English Edition License,For 100 Fit AP 3130A226LIS-IMC-WSMC-EN-200H3C iMC,Wireless Service Manager Component English Edition License,For 200 Fit AP 3130A227LIS-IMC-WSMD-EN-500H3C iMC,Wireless Service Manager Component English Edition License,For 500 Fit AP 3130A228LIS-IMC-WSME-EN-1KH3C iMC,Wireless Service Manager Component English Edition License,For 1000 Fit AP 3130A25CLIS-IMC-WSMF-EN-50H3C iMC,Wireless Service Manager Component English Edition License,For 50 Fat AP 3130A25DLIS-IMC-WSMG-EN-100H3C iMC,Wireless Service Manager Component English Edition License,For 100 Fat AP 3130A25ELIS-IMC-WSMH-EN-200H3C iMC,Wireless Service Manager Component English Edition License,For 200 Fat AP 3130A25FLIS-IMC-WSMI-EN-500H3C iMC,Wireless Service Manager Component English Edition License,For 500 Fat AP 3130A25GLIS-IMC-WSMJ-EN-1KH3C iMC,Wireless Service Manager Component English Edition License,For 1000 Fat AP MPLS VPN Module 0231A87ASWP-IMC-BMVMW-ENH3C iMC,MPLS VPN Manager Component(50 nodes),Software(CD) English Edition 3130A216LIS-IMC-MVMG-ENH3C iMC,BGP/MPLS VPN Manager Component Pack English Edition License 3130A217LIS-IMC-MVME-EN H3C iMC,Cisco Device BGP/MPLS VPN Management Software Driver Package English Edition License 3130A218LIS-IMC-MVMA-EN-50H3C iMC,MPLS VPN Manager Component English Edition License,For 50 nodes 3130A219LIS-IMC-MVMB-EN-100H3C iMC,MPLS VPN Manager Component English Edition License,For 100 nodes 3130A21BLIS-IMC-MVMD-EN-500H3C iMC,MPLS VPN Manager Component English Edition License,For 500 nodes 3130A21CLIS-IMC-MVMF-EN-1KH3C iMC,MPLS VPN Manager Component English Edition License,For 1000 nodes 3130A21DLIS-IMC-MVMH-EN-3KH3C iMC,MPLS VPN Manager Component English Edition License,For 3000 nodes 3130A21ELIS-IMC-MVMI-EN-URH3C iMC,MPLS VPN Manager Component English Edition License,Unrestricted 3130A28VLIS-IMC-MVMJ-ENH3C iMC,MPLS TE Manager Component Pack English Edition License iMC Network Service Management Components VSM Module 0231A0DPSWP-IMC-VSM-ENH3C iMC, VSM Component (for 100 IP Phones), Software(CD) English Edition 3130A0DNLIS-IMC-VSMA-EN-100H3C iMC, VSM Component English Edition License, For 100 IP Phones 3130A0DPLIS-IMC-VSMB-EN-500H3C iMC, VSM Component English Edition License, For 500 IP Phones 3130A0DQLIS-IMC-VSMC-EN-1KH3C iMC, VSM Component English Edition License, For 1000 IP Phones 3130A0DRLIS-IMC-VSMD-EN-5KH3C iMC, VSM Component English Edition License, For 5000 IP Phones iMC Wireless Service Management Rogue Device Detection Integrated ALL Network Resource Roaming Tracing RF Management Smart Report Highlight of WSM Location Service iMC Voice Service Management Component MSR voice Gatewey H3C 31 series IP phone Voice gateway and SIP terminal Application Call process VCX IPPBX Internet VCX message server VCX voice conference PSTN PBX Traditional phone traditional phone & fax SIP Third part call center IPSEC VPN VSM Configuration Upgrading Monitoring Reporting . iMC MPLS VPN Management Component Support MPLS L3 VPN Compatible to multiple vendors devices Step by Step service plan wizard. Network resource and VPN service detection. High reliability VPN configuration auditing VPN connectivity auditing Graphical traffic management Smart alarm mechanism Integrated network resource management Realize a manageable and operational VPN network iMC Management & Auditing Components NTA Network Traffic Analysis Monitoring, Network Traffic Analysis, providing various reports Can use NetStream equipment, can also use the DIG Probe Mirroring QoS Management QoS policy design and deployment. QoS monitoring, auditing and cooperate with other iMC modules, i.e, UTA iAR Report Management Collecting and analyzing the network running data from iMC platform or service management modules. Generate, publish and distribute reports. User friendly report design tool kit. Soon iMC Management & Auditing Components NTA Module 0231A87KSWP-IMC-NTAW-EN H3C iMC,Network Traffic Analyzer Component,Software(CD) English Edition 0231A817SWP-IMC-DIGAH3C iMC,DIG Log Probe Component(500M) 3130A229LIS-IMC-NTAA-EN-1 H3C iMC, Network Traffic Analyzer Component English Edition License, For 1 node 3130A22ALIS-IMC-NTAB-EN-2 H3C iMC, Network Traffic Analyzer Component English Edition License, For 2 nodes 3130A22BLIS-IMC-NTAC-EN-5 H3C iMC, Network Traffic Analyzer Component English Edition License, For 5 nodes QoSM Module 0231A0B0SWP-IMC-QOSM-EN H3C iMC, QoS Manager Component, Software(CD) English Edition iMC Network Traffic Analysis Component UBA Server Network Device Collect log traffic and store in database Statistics and analysis data, generate report. Analysis network packet; Withdraw packet information Output log information Packet NetStream/NAT/FLow Port mirror traffic DIG log collector Receiving mirrored traffic Generator log file Main function Working wit H3C router and switch, support mirrored traffic Support NAT FLOW DIG NetStream log format Automatically generate more than 10 pre-defined report, which include traffic demand, application, nodes, session and so on. Alarm for abnormal traffic P2P application traffic monitoring and analysis MAC address and host name based traffic monitoring Work with iMC UAM for providing the detail of internet access Real-time database space mornitoring iMC QoS Management Component iMC QoSM Netowrk QoS design iMC topology and bandwidth usage display iMC performance report QoS policy discovery End-to-end service design QoS policy deployment ACL download QoS download Intelligent QoS diagnose QoS monitoring, auditing and cooperation QoS monitoring SLA detection and report iMC NTA traffic analysis and alarm Policy auditing Update cooperating policy iMC Intelligent Analysis Report Component iMC pre-defined Report iAR report designer iMC data source iMC service data source Intelligent data analysis ETL iMC Report Platform iMC pre-defined service report Report delivery (E- mail) iMC iAR Data collection Withdraw performance, alarm and resource data from iMC platform Withdraw service data from service module Data analysis Find useful information from mass data (ETL) Report design Rich pre-defined report Abundant open data source Advanced visual report designer. Report publish Report publish, queue and export Report delivery Regular report delivery Deliver report via Next Generation Management Concept IMC Platform Introduction IMC Configuration Guide Content iMC Platform Server Configuration Guide (Windows) Items Typical Configuration for less than 500 devices (Windows) Typical Configuration for devices (Windows) Typical Configuration for devices (Windows) CPU Type: >= Intel Xeon EM64T Clock Speed >=3.0 G Hz Cache >= 2MB Type: >= Intel Xeon EM64T Clock Speed >=3.0 G Hz Cache >= 2MB (Dual CPUs are recommended) Type: >= Intel Xeon EM64T Clock Speed >=3.0 G Hz Cache >= 2MB (Dual CPUs are recommended) Memor y >= 2GB >= 4GB Hard disk >= 144GB Networ k adapter 10/100/1000Mb auto- sensing Network adapter Sound card iMC Platform Server Configuration Guide (Solaris) Items Typical Configuration for less than 500 devices (Windows) Typical Configuration for devices (Windows) Typical Configuration for devices (Windows) CPU SUN SPARC >=1.5 G Hz SUN SPARC >=1.5 G Hz (Dual CPUs are recommended) SUN SPARC >=1.5 G Hz (Dual CPUs are recommended) Memor y >= 2GB>= 3GB>= 4GB Hard disk >= 80GB>= 160GB Networ k adapter 10/100/1000Mb auto- sensing Network adapter Sound card iMC Components Installation Guide H3C iMC ComponentSever Required iMC PLATIndependent Server (Master) UAM Independent Server. when the managed device is less than 100, UAM can put on the same server with iMC Platform When the number of managed user is greater than 10,000, user self-service module should put on an independent server. EADInstall with UAM CAMSIndependent Server MPLS VPNIndependent Server NTAIndependent Server. It is also allowed to run on several servers. UBAIndependent Server. It is also allowed to run on several servers. WSMIndependent Server QoSM Install on the same server with iMC Plat. When the data collected by SLA module is too big, SLA is recommended put on an independent server. Q&A