Huawei esight Full Product Datasheet HUAWEI TECHNOLOGIES CO., LTD.
Huawei esight Full Product Datasheet Product Overview With the development of enterprise network applications and the expansion of network scale, a large number of routers, gateways, and Wireless Area Network (WLAN) devices are used on enterprise campus and branch networks. Enterprises must provide multiple mobile offices, rather than a fixed location, for their employees, and support diversified services, complicating network management. They urgently need a unified network management system to improve efficiency and ensure normal operation of enterprise services. Huawei esight is based on the following concepts: topology-centric, simplified management, and improved Operation and Maintenance (O&M) efficiency. Network administrators can gain an overall understanding of the network status by viewing the topology. esight not only provides basic network management capabilities (alarm, topology, performance, and configuration) but also proactive warnings of potential network faults. In addition, esight provides abundant fault location methods to help administrators effectively locate and rectify faults. esight provides an all-round, open, and unified management platform, and various service components, to implement unified management of devices, services, and applications. Product Features Easy to Use Unified Management Smart O&M Product Components Easy to Use User-friendly Graphical User Interface (GUI) and smooth operations Active monitoring and visible O&M Unified Management Multi-type - device management Multi-vendor device management Smart O&M Plug-and-play- Automatic network quality sensing esight provides a unified O&M platform and specific components to meet enterprise user requirements. Component esight Unified Network Management Platform esight Smart Reporter esight SLA Manager esight Network Traffic Analyzer esight LogCenter Manager esight WLAN Manager esight MPLS VPN Manager esight MPLS Tunnel Manager esight IPSec VPN Manager esight Secure Center Description Provides compact, standard, and professional editions for enterprise users. In addition to unified management of devices from various vendors, topology management, fault management, performance management, a smart configuration tool, configuration file management, and a Simple Network Management Protocol (SNMP) northbound interface, the esight Unified Network Management Platform allows users to customize third-party devices, helping establish a network management system customized to their own needs. Provides preset report templates to meet requirements in most management scenarios. Provides a professional report design tool for users to customize statistics reports. Implements visible monitoring on network quality by combining the following methods: simulation flow-based and real service flow-based network quality detection. Monitors network quality using simulation flows by integrating with devices' Network Quality Analysis (NQA) function to diagnose and measure link performance between network devices 24x7 and displays Quality of Service (QoS) statistics.esight notifies administrators remotely when QoS reaches the threshold set by administrators. Administrators can use the quick diagnosis function to monitor link performance in real time and diagnose faults, which improves management efficiency. Implements network quality detection based on ipca, which is the industry's first multiple-input-multiple-output quality measurement technology and solves the N2 connection problem in traditional point-to-point quality measurement technologies. ipca technology uses the enhanced area-based packet conservation mechanism to monitor the quality on a connectionless network and also provides accurate fault location capabilities. Collects router and Layer 3 switch traffic, analyzes network traffic based on NetFlow, NetStream, and sflow protocols, and allows users to customize reports. This helps network administrators monitor traffic and bandwidth usage and detect network bottlenecks in a timely manner, providing evidence for network planning and fault diagnosis. Provides a platform for collecting, storing, and auditing multiple types of largescale logs in a unified manner. Manages logs from Huawei and other vendors' Provides industry-leading Network Address Translation (NAT) tracing and security events analysis functions. Provides integrated management of wired and wireless networks. Supports wizard configuration to improve deployment efficiency of wireless services. Displays information about WLAN network quality, interference sources, wireless intrusion, and access terminals. Supports one-click diagnosis, interference source locating, and spectrum analysis to implement highly efficient troubleshooting. Integrates scattered VPN information into visible management objects and displays the information using figures and graphs. Provides End-to-End (E2E) service deployment and hierarchical fault diagnosis capabilities. Administrators can easily deploy, monitor, and diagnose VPN services to guarantee quality and reliability for key services. Automatically discovers Multiprotocol Label Switching (MPLS) Traffic Engineering (TE) and Label Distribution Protocol (LDP) tunnels that have been deployed on the network, monitors tunnels in real time, dynamically displays tunnel operating status, and monitors active-standby switchover and bypasses. Automatically discovers IPSec VPN services on the hub-spoke and site-tosite networks and provides all-round monitoring and diagnostic functions, including service alarm status monitoring, service topology, performance monitoring, service diagnosis, and historical tunnel information display. Provides unified security services management functions for the entire network, including Huawei firewalls, Unified Threat Management (UTM), and Access Routers (AR). Provides policy redundancy analysis, risk analysis, policy matching analysis, and comprehensive analysis for USG series firewalls to provide basis for policy optimization.
esight can manage devices from different vendors and multiple resources to provide unified management across the entire network. Unified management of multi-vendor devices: esight can manage devices from mainstream vendors, including Huawei, Cisco, Juniper, Ruijie, H3C, Brocade, BDCOM, and Maipu. Unified management of multi-type devices: esight can manage network devices such as routers, switches, firewalls, and WLAN devices, and IT resources such as servers and work stations. Customized device management: esight allows customers to customize vendor names, device types, panel style, performance presentation, and alarms for rapid device adaptation. esight Unified Network Management Platform Product Overview As the network scales and the number of enterprise network applications continues to grow, more devices are deployed. Multiple service routers, security gateways, and Wireless Local Area Network (WLAN) Access Points (APs) are used to implement communications and collaboration services in decentralized enterprise campus and branch office networks. Enterprises are using an increasing number of core and access devices provided by multiple vendors. Each device has its own management system, creating confusion for system and network administrators. To alleviate the operational burden, Huawei has developed the esight Unified Network Management Platform, a unified network management system that provides a comprehensive view and management of all network and system resources, ensures network stability, and improves O&M efficiency. The esight Unified Network Management Platform provides compact, standard, and professional editions for enterprise users. In addition to unified management of devices from various vendors, topology management, fault management, performance management, a smart configuration tool, configuration file management, and a Simple Network Management Protocol (SNMP) northbound interface, the esight Unified Network Management Platform allows users to customize third-party devices, helping establish a network management system customized to their own needs. Features The esight Unified Network Management Platform provides compact, standard, and professional editions for enterprise users. Edition Compact edition Standard edition Professional edition Functions Supports topology management, Network Elements (NEs), links, physical resources, e-labels, alarms, performance, configuration files, logs, Virtual Local Area Network (VLAN) management, customized device management, report management, a smart configuration tool, WLAN, IPSec Virtual Private Network (VPN), Multiprotocol Label Switching (MPLS) VPN, Service Level Agreement (SLA), IP topology, NTA, Policy Center, MPLS Tunnel Manager, maintenance tools, SNMP northbound interface, security management, and device software management. Provides database backup tool and fault collection tool. Supports all functions of the compact edition, and Smart Reporter, SNMP north bound interface, SLA Manager, WLAN Manager, NTA, MPLS VPN Manager, MPLS tunnel manager, Secure Center, LogCenter, and IPSec VPN manager. Supports all functions of the standard edition, and hierarchical Network Management System (NMS), High Availability (HA). esight provides rights-based, domain-based, and time-based authorization, and flexible network user authentication methods. esight enables refined management authorization by assigning different user names and passwords to administrators and by controlling administrator management authority, management range, time range allowed to log in, and IP range allowed to log in. esight supports Lightweight Directory Access Protocol (LDAP), RADIUS, and local authorization methods. The comprehensive fault monitoring system enables real-time fault diagnosis and quick troubleshooting. esight provides unified monitoring of alarms on the entire network and informs maintenance personnel of the alarms in the first instance through alarm sounds, remote alarm notification (email and SMS), and the alarm panel, ensuring timely troubleshooting. esight supports alarm analysis and processing. esight provides alarm locating functions to switch to NEs, ports, and services, shield, suppress, and categorize alarms, analyze alarm correlation, redefine the alarm severity, and maintain the experience library, improving troubleshooting accuracy and efficiency. esight supports customization for alarm shield, redefinition, and alarm sounds to meet specific requirements in different scenarios. esight provides visual management of the entire network topology and status monitoring.
Convenient resource searching on the entire network helps administrators quickly locate resources and access corresponding services. Intelligent configuration: esight is preconfigured with multiple common service configuration templates. Users can select an appropriate template to perform the same configurations on devices in a batch or use a file to perform configurations on groups of devices in a batch. Configuration file management: Configuration files for multiple devices can be backed up, compared, and restored. The backup function includes immediate backup and periodic backups, and backups triggered by device configuration changes. When the device configuration changes, esight can trigger alarms and send alarm notification through email. MIB management: esight provides Management Information Base (MIB) compilation, loading functions and Get, GetNext, Walk, and TableView operations. Various device discovery methods: esight can discover devices automatically, separately, or in a batch. The automatic device discovery model can add new devices periodically. esight supports management of devices with IPv6 addresses. Simplified management on network topologies: esight provides physical and IP topologies and shows network structure hierarchically. Administrators can view network resource alarm states and basic link information, such as device name, link type, link state, bandwidth, reception speed, package reception error rate, package sending error rate, reception package loss rate, and sending package loss rate. Administrators can set the device icon size according to device importance, customize the cross-sectional area of links according to the bandwidth, and zoom out or in on the topology view for a global view or to display details. esight allows administrators to quickly view device state and link traffic through integration of service components. esight shows device, frame, board, subcard, port on panel, and port state, and allows administrators to enable or disable ports. Powerful performance management: esight provides performance parameter management templates, supports batch device performance monitoring, visual performance data view, and history date analysis. Administrators can set different alarm severity and threshold levels and determine whether to send an alarm based on the number of times that performance indexes exceed the threshold value, lowering report errors and improving alarm accuracy. Terminal resource management: esight provides comprehensive terminal access records, including MAC, IP address, device name, and port number, helping administrators find the switch and port on the switch through which a terminal is connected to the network. Administrators can configure the authorized terminal IP address, MAC address, and PORT-IP, PORT-MAC, and IP-MAC matching rules. When a terminal accesses the network illegally, esight sends emails and records comprehensive information about the illegal terminal, providing the basis for audits of illegal users. Group-based management: After a device is added to esight, the device is automatically added to the group based on the specified rules and is granted with policies in the group. Hierarchical network management: Users at headquarters can view alarm, topology, and performance information from lower-level network management systems. Hierarchical network management meets large scale network management requirements. esight supports wired and wireless convergence management. Unified configuration for wired and wireless services: esight supports the unified configuration of wired and wireless services based on the service matrix (including resource groups and service profiles), improving configuration efficiency. When a device goes online, the device is automatically added to the specified resource group and is granted with the corresponding policies. Plug-and-play is therefore implemented. Unified management on wired and wireless users: esight monitors wired and wireless users in a unified manner. When associated with WLAN Manager, esight can quickly rectify faults on wireless users. Display of wired and wireless devices on one panel: Based on super virtual fabric (SVF) technology, esight manages multiple access and aggregation switches as one switch. Information about access switches, APs, and users is displayed on one panel. Simple and convenient daily maintenance operations and lower technical requirements improve work efficiency. The customized portal allows users to receive all information on the home page. esight can also integrate third-party software portals with the home page.
Operating Environment Configuration requirements for the esight Unified Network Management Platform (compact edition) are as follows: Operating System Windows7 Configuration Requirements CPU: 1 x dual-core 2 GHz or higher Memory: 4 GB Disk space: 40 GB Database: MySQL 5.5 PC servers are recommended. Configuration requirements for the esight Unified Network Management Platform (standard and professionaleditions) are as follows: Operating System Configuration Requirement esight supports unified VLAN resource management. esight allows administrators to create and delete VLAN resources, deliver VLAN configurations, view resources in the VLAN topology, and collect VLAN statistics on the entire network. VLAN resource management: esight displays VLAN resources on the entire network. Administrators can add, delete, and modify VLANs, and view devices and interfaces whose packets can pass through the specified VLAN. When administrators delete a VLAN, esight can display all devices and interfaces related to the VLAN to prevent misoperation. VLAN device management: esight allows administrators to perform interface and VLAN configurations for multiple devices in a batch and can quickly switch to the NE manager. Administrators can view, add, and modify VLAN information on the device panel of the NE manager and can also configure voice VLANs. Visible VLAN topology: esight can filter device and link information based on the VLAN. Administrators can add or remove multiple devices and links to a VLAN. esight can also filter MSTP loop prevention flags based on the VLAN. Windows Server 2008 R2 standard Novell SUSE Linux Enterprise Server-Multilanguage-Enterprise-11.0 SP1 CPU: 1 x dual-core 2 GHz or higher Memory: 4 GB Disk space: 40 GB Database: MySQL 5.5, Microsoft SQL Server 2008 R2 standard PC servers are recommended. Determine the hardware specifications based on the network scale and required components. CPU: 1 x dual-core 2 GHz or higher Memory: 4 GB Disk space: 40 GB Database: Oracle Database Standard Edition 11g R2 PC servers are recommended. Determine the hardware specifications based on the network scale and required components. esight standard and professional editions can run on VMs. Requirements for VMs are as follows: Operating System Windows Server 2008 R2 standard Configuration Requirement VMWare ESXI 5.0 CPU: 1 x quad-core 2 GHz or higher Memory: 6 GB Disk space: 300 GB Database: Microsoft SQL Server 2008 R2 standard Determine the hardware specifications based on the network scale and required components. B/S architecture supports multiple operating systems. esight uses Browser/Server (B/S) architecture, which does not require any client software. The server need only be updated when the software updates. The platform supports Windows and SUSE Linux operating systems and Oracle, MySQL, and SQL Server databases. Disaster Recovery (DR) protection ensures service continuity and system reliability. Sight supports two-node clusters in hot standby mode. esight supports the Linux operating system.
Deployment Scenarios The esight network does not have special requirements when managed devices are connected to the esight server and devices support the Simple Network Management Protocol (SNMP). esight compact edition applies to small- and medium-sized enterprises. Ordering Information Table 2-1 Ordering information for esight compact edition Item Quantity Remarks esight Application Base-Compact (includes 40 device licenses) 1 Mandatory for esight Unified Network Management Platform esight Compact Edition Table 2-2 Ordering information for esight standard edition Item Quantity Remarks esight standard edition applies to medium- and large-sized enterprises. Branch VPN Internet esight Standard Edition esight Application Base-Standard (includes 60 device licenses) esight Standard NMS License (for 25 incremental esight Standard NMS License (for 50 incremental esight Standard NMS License (for 100 incremental esight Standard NMS License (for 200 incremental esight Standard NMS License (for 300 incremental esight Standard NMS License (for 500 incremental esight Standard NMS License (for 1,000 incremental esight Standard NMS License (for 2,000 incremental esight Standard NMS License (for 5,000 incremental 1 Mandatory for esight Unified Network Management Platform One license manages 25 incremental One license manages 50 incremental One license manages 100 incremental One license manages 200 incremental One license manages 300 incremental One license manages 500 incremental One license manages 1,000 incremental One license manages 2,000 incremental One license manages 5,000 incremental esight SNMP NBI Component Adds SNMP northbound interfaces. Branch VPN Headquarters Table 2-3 Ordering information for esight professional edition Item Quantity Remarks esight Application Base-Professional (includes 60 device licenses) 1 Mandatory for esight Unified Network Management Platform esight professional edition applies to ultra-large enterprises and is deployed at headquarters. esight standard or professional edition is deployed at branches. Administrators at headquarters can check the network status of each branch. esight Professional NMS License (for 50 incremental esight Professional NMS License (for 100 incremental esight Professional NMS License (for 200 incremental One license manages 50 incremental One license manages 100 incremental One license manages 200 incremental esight Standard or Professional Edition esight Professional NMS License (for 300 incremental One license manages 300 incremental Branch Branch VPN VPN esight Professional Edition Headquarters esight Professional NMS License (for 500 incremental esight Professional NMS License (for 1,000 incremental esight Professional NMS License (for 2,000 incremental esight Professional NMS License (for 5,000 incremental One license manages 500 incremental One license manages 1,000 incremental One license manages 2,000 incremental One license manages 5,000 incremental esight Standard or Professional Edition esight SNMP NBI Component Adds SNMP northbound interfaces.
Statistics in multiple dimensions allow users to understand data from various perspectives. esight Smart Reporter provides statistics in different dimensions, including top N statistics, statistics at different levels (NE level, subnet level, and regional level), interface information (interface connection and disconnection, interface traffic, and interface performance), device resource usage (CPU and memory), and wireless resource usage (access users, AP traffic, AP rate, AP access failure, air interface usage, and AP radio). Reports in multiple modes present statistics directly and intuitively. esight Smart Reporter supports not only tables but also graphs such as line, column, and pie charts, presenting users with concise and direct statistics. esight Smart Reporter Product Overview With rapid network development and continual integration of network applications and service management, information growth is exploding. Administrators, however, cannot extract the critical information they need from the bulk; therefore, enterprises urgently need an information management system that can collect, arrange, analyze, and display data to help improve operating efficiency. The information display mode directly affects user understanding and provides the basis for decision making. In response to these needs, esight provides Smart Reporter as a powerful reporting tool. Huawei esight Smart Reporter provides preset report templates to meet requirements in most maintenance scenarios and a professional report design tool for users to customize statistics reports. Reports in multiple file formats apply to various scenarios. esight allows users to export report statistics into Excel, Word, or PDF files. Features esight Smart Reporter supports rights- and domain-based management and preset report templates to meet requirements in most maintenance scenarios. esight provides dozens of preset report templates for various statistics fields, such as performance, alarm, resources, WLAN, Service Level Agreement (SLA), and Quality of Service (QoS), helping users easily obtain statistics. Flexible report settings meet various statistics requirements. esight supports both manual and periodic reports. Users can specify the time interval to periodically execute report tasks. Users can set the time range for statistics. esight can collect statistics on multiple NEs simultaneously. esight can automatically send reports to users by email.
Users can specify the times for esight to collect data generated during peak hours. Operating Environment esight Smart Reporter is installed on the same server as esight Unified Network Management Platform standard or professional edition; therefore, configuration requirements for the operating environments are the same. esight SLA Manager Deployment Scenarios Deployment scenarios for esight Smart Reporter are the same as those for esight Unified Network Management Platform. Ordering Information Item Quantity Remarks esight Application Base-Standard (includes 60 device licenses)or esight Application Base-Professional (includes 60 device licenses) 1 Mandatory for esight Unified Network Management Platform esight Smart Reporter 1 Mandatory for esight Smart Reporter esight Smart Reporter-Special Services-customized template development (per template) Indicates the number of customized templates. Product Overviewt Currently, most IP networks use coarse-grained bandwidth management polices and do not have quality monitoring or guarantee mechanisms. Therefore, IP networks provide only connectivity and cannot ensure good user experience. Users often experience service quality issues such as video pixelation, fuzzy voice, slow network access, and slow response of cloud desktop. However, the networks and network administrators are unaware of these issues because there is no system to monitor service quality on the entire network. Administrators try to locate network problems only after receiving complaints from users. However, it often takes a long time to locate and solve a problem due to lack of real-time monitoring mechanisms and effective problem location methods. This problem location process is inefficient and severely affects user experience. Huawei esight SLA Manager implements visible monitoring on network quality by combining the following methods: simulation flow-based and real service flow-based network quality detection. Huawei esight SLA Manager monitors network quality using simulation flows by integrating with the devices' NQA function to diagnose and measure link performance between network devices 24 hours a day and displays QoS statistics. Administrators can set the QoS threshold, and esight notifies administrators remotely when QoS reaches the threshold. Administrators can use the quick diagnosis function to monitor link performance in real time and diagnose faults, which improves management efficiency. Huawei esight SLA Manager implements network quality detection based on ipca, which is the industry's first multiple-input-multiple-output quality measurement technology and solves the N2 connection problem in traditional point-to-point quality measurement technologies. ipca technology uses the enhanced areabased packet conservation mechanism to monitor the quality on a connectionless network and also provides accurate fault location capabilities. Features The network quality emulation test helps users discover network quality problems in advance. Service-oriented SLA and easy operation simplify O&M needs. Users can create an SLA service to carry out E2E network QoS monitoring and evaluate network and service QoS based on SLA compliance. esight has more than 20 SLA service configuration items for video, audio, and network applications, allowing customers to define SLA services to meet their unique requirements.
esight SLA Manager displays network QoS statistics and generates alarms in advance to ensure user experience. After a user creates an SLA task, it will be executed periodically. QoS statistics are displayed based on daily compliance. When QoS meets the threshold conditions, esight notifies administrators remotely, enabling administrators to diagnose faults in advance to ensure the user experience. esight SLA Manager provides a quick diagnosis function to narrow the fault scope and shorten fault diagnosis time. The quick diagnosis function helps users locate faults by link segments, narrowing the fault scope. Users can further view real-time data on devices and links as well as packet loss in a port queue or on a port with the specified MAC address. Visible historical network data provides a basis for network optimization. In actual applications, QoS values indicate services of different priorities. Different services on a same link can be compared, and the result shows whether QoS on a network has taken effect and provides a basis for QoS policy adjustment. Network-level measurement Network-level measurement targets an area to implement visible monitoring on the area network quality. Path hop-by-hop detection can locate the node or link where packets are lost in an area. esight SLA Manager provides real-time QoS monitoring, multi-dimensional data analysis, and graphical data display. esight uses the unified dashboard panel to vividly display QoS information, simplifying network management. The dashboard displays and manages various QoS information in a centralized manner to administrators, informing them of bandwidth usage and network exception information in real time. The QoS information includes top bandwidth usage, top discarding rate, top Peak Information Rate (PIR), and top matching rate. esight supports network quality detection based on real service flows. Device- or link-level measurement After ipca is enabled for agile devices and links in batches, quality status of devices and links is clearly displayed in the topology. When the device or link quality threshold is exceeded, an alarm is generated and reported to the administrator in a timely manner.
Operating Environment esight SLA Manager is installed on the same server as esight Unified Network Management Platform standard or professional edition; therefore, configuration requirements for the operating environments are the same. Deployment Scenarios Deployment scenarios for esight SLA Manager are the same as those for esight Unified Network Management Platform. Source devices must be added to esight, and the IP addresses of the source and destination devices can be pinged. Ordering Information Item Quantity Remarks esight Application Base-Standard (includes 60 device licenses)or esight Application Base-Professional (includes 60 device licenses) 1 Mandatory for esight Unified Network Management Platform esight SLA Manager 1 Mandatory for esight SLA Manager esight Network Traffic Analyzer Product Overview Fast and stable access speeds improve office work efficiency, while low access speeds can negatively affect productivity. Administrators must determine which applications consume the most bandwidth and generate heavy traffic, and which employees use these applications, and then change the network QoS policy and expand the network when necessary. esight Network Traffic Analyzer (NTA) supports NetFlow, NetStream, and sflow. It collects traffic information output by routers and Layer 3 switches and provides user-defined reports to network administrators for analysis of traffic and bandwidth usage and network bottleneck detection. esight Network Traffic Analyzer also provides information for network planning and troubleshooting. Features esight Network Traffic Analyzer supports mainstream network traffic protocols, including NetStream, NetFlow, and sflow. shows the customized dashboard that displays network status. Figure 5-1 Customized dashboard Multiple dimensions: esight Network Traffic Analyzer ranks the traffic on devices and interfaces, including interface usage, application, host, session, and Differentiated Services Code Point (DSCP) traffic. Customization: esight Network Traffic Analyzer allows users to customize the presented content, format, and formatting style and supports partial traffic updates without changing the Graphical User Interface (GUI).
The interface traffic and usage rankings display interface traffic statistics, including the incoming and outgoing rate and incoming and outgoing data packets. Clicking an interface will reveal information about the traffic composition at different times, in multiple dimensions, including the application, host, session, and DSCP. Interface Traffic Analysis Customized Traffic Applications and Group Network Traffic Customization options for traffic applications and group network traffic, as follows: Customized applications Customized DSCP group Customized application group Customized IP address group or interface group Customized Applications esight Network Traffic Analyzer components are recognized based on the protocol and port number, and hundreds of standard applications and common Layer 4 applications are preset. Protocols and port numbers can also be added for unknown applications, and network administrators can add applications as required. Users can customize applications based on the specified protocol, port number, and IP address ranges. Customized DSCP Group DSCP group is a logical group, and users can create a group to differentiate DSCP composition. For example, in WAN QoS monitoring, users can create a voice group (EF), a video group (AF31), and a group for the other DSCP; therefore, esight Network Traffic Analyzer can provide a reference for proper enterprise QoS bandwidth and key service bandwidth planning. Customized Application Groupt Create application groups as required to obtain comprehensive information about specific applications. For example, create an application group named Mail Service, and combine Lotus Notes, pop3, and SMTP applications into the group to learn about mail application traffic. Customized IP Address Group or Interface Groupt Users can consider the IP addresses or interfaces in a certain range as a whole to calculate traffic statistics. For example, assume that an enterprise has two floors and the total enterprise traffic must be calculated. Simply combine all switch interfaces on the two floors into an interface group and analyze the total traffic. Monitoring Multi-dimensional Traffic with Simple Configurationt Overall network traffic analysis depends on high performance traffic analysis. Network administrators need only add a monitoring interface and configure the traffic sampling ratio before monitoring and analyzing interface traffic from multiple dimensions, including the following: Interface traffic analysis Application traffic analysis Source/Destination host traffic analysis DSCP traffic analysis Session traffic analysis Users can analyze traffic on the traffic trend diagram, which displays traffic and packets, respectively, on two coordinates. Interface traffic analysis checks the traffic trend for a specified interface, time range, and incoming and outgoing traffic. Based on interface traffic analysis, network administrators can identify the interfaces that are used most frequently on the network to gain a comprehensive understanding of the entire network status. Administrators can detect interfaces with abnormal traffic and locate faults before network performance is affected. Application Traffic Analysis Application traffic analysis checks the trend of application changes for a specified interface, time range, and incoming and outgoing traffic. Administrators can locate the host that causes performance problems based on the source ranking and destination hosts using a specific application.
Source/Destination Host Traffic Analysist Source/destination host traffic analysis checks the trend in source/destination host bandwidth usage changes for a specified interface, time range, and incoming and outgoing traffic. Based on source/destination host analysis, network administrators can identify the host that consumes high bandwidth and solve any bandwidth problems in a timely manner to ensure bandwidth usage efficiency. Session Traffic Analysis Session traffic analysis checks the trend of session traffic for a specified interface and time range. Session traffic analysis provides detailed session information the network administrator can use for further fault location. DSCP Traffic Analysis DSCP traffic analysis checks the DSCP traffic trend for a specified interface and time range, ensuring proper QoS bandwidth planning and the quality of key services. Group Traffic Analysis Group traffic analysis displays the DSCP group, interface group, application group, and IP group traffic statistics on specified interfaces within a specific time range. Network administrators can conveniently analyze specific traffic as required to satisfy special maintenance requirements. Threshold Value Alarm esight allows administrators to set traffic threshold values for applications and hosts. When the number of times that the monitored value exceeds the threshold values within a specified time reaches the preset value, esight sends alarm notifications through email. Operating Environment esight Network Traffic Analyzer can be deployed on the same server as esight Unified Network Management Platform standard or professional edition, or on a different one. When they are configured on one server, they can manage no more than 10 NEs, and the configuration requirements are the same as those of the platform. When they are configured on different servers, configuration requirements are as follows: Customized Traffic Report esight Network Traffic Analyzer can customize reports by specifying filtering rules, report type, and report layout configuration. Traffic reports provide references for further network planning. Operating System Windows Server 2008 R2 standard Configuration Requirement CPU: 1 x quad-core 2 GHz or higher Memory: 4 GB Disk space: 120 GB Database: MySQL 5.5, Microsoft SQL Server 2008 R2 standard PC servers are recommended. Determine the hardware specifications based on the network scale. When esight Network Traffic Analyzer and esight Unified Network Management Platform are deployed on different servers, esight Network Traffic Analyzer can be deployed on a VM. VM resource requirements are as follows: Operating System Windows Server 2008 R2 standard Configuration Requirement VMWare ESXI 5.0 CPU: 1 x quad-core 2 GHz or higher Memory: 6 GB Disk space: 300 GB Database: MySQL 5.5, Microsoft SQL Server 2008 R2 standard PC servers are recommended. Determine the hardware specifications based on the network scale. Deployment Scenarios Original Data Stream Facilitates Fault Location NTA can extract an original data stream based on a specified time range and filtering rules for further analysis and fault location. Original traffic information includes the router, source, and destination address, application, source and destination port, protocol, TCP flag, next hop, inbound and outbound interface, and DSCP, traffic, and data packets. Users can create traffic investigation tasks for suspected abnormal traffic on the NTA page to extract original data stream information about the current traffic. WAN Branch 1 Branch 1 esight network traffic system
esight Network Traffic Analyzer enables NetStream on an enterprise's WAN-link device interfaces to send traffic information to the esight Network Traffic Analyzer. esight NTA provides the following functions in this scenario: Analyzes the current WAN link traffic composition. Helps recognize abnormal traffic and junk applications. Quickly locates the IP address of the terminal generating abnormal traffic. Optimizes link application traffic distribution. Improves WAN link usage. Recognizes DSCP bandwidth distribution on the enterprise branch egress. Adjusts service priority policies. Periodically generates a link interface traffic report. Detects network application traffic increase. Facilitates advance network planning and expansion. Ordering Information esight LogCenter Manager Item Quantity Remarks esight Application Base-Standard (includes 60 device licenses)or esight Application Base-Professional (includes 60 device licenses) 1 Mandatory for esight Unified Network Management Platform esight Network Traffic Analyzer 1 Mandatory for esight Network Traffic Analyzer esight NTA License-Incremental 1 Device License One license manages one incremental device. esight NTA License-Incremental 2 Device One license manages two incremental esight NTA License-Incremental 5 Device One license manages five incremental Product Overview Massive application systems and network devices are deployed in an enterprise, including hosts, databases, other application systems, switches, and firewalls. Due to inconsistent device log formats, low readability, and difficulties storing massive logs, major security risks cannot be promptly detected from logs. Government agencies and industrial organizations provide guidance and stipulations through internal control laws and standards, which impose higher requirements on the completeness, accuracy, and effectiveness of run logs and user logs. esight LogCenter: Provides a platform for collecting, storing, and auditing multiple types of large-scale logs in a unified manner. Supports log management of Huawei and third-party vendors. Provides industry-leading NAT tracing function and security event analysis. Features Unified Log Management and Quick Matching Capability esight LogCenter supports multiple log collection modes, including Syslog, session, SFTP, FTP static file, FTP dynamic file, and Windows Management Instrumentation (WMI). Users can collect, classify, filter, summarize, analyze, store, and monitor logs reported from the application systems or NEs to help the administrator manage massive logs and learn NE running status, trace network user behaviors, and quickly recognize and eliminate security risks. esight LogCenter supports prompt notifications of key logs. The administrator can customize keywords, log type, and log level thresholds. When logs match customized keywords, log type, or log level, esight LogCenter generates alarms in real time and notifies users through SMS messages or emails. Professional NAT Tracing and Automatic Association with User information to Meet Secure Audit Requirements esight LogCenter collects and analyzes logs about sessions on NAT devices to obtain NAT information, including the IP address, destination port, NAT source IP address, and protocols. esight LogCenter uses the NAT information and the data source provided by the Authentication, Authorization and Accounting (AAA) server to ensure secure audit and traffic investigation. Profound User Online Behavior Analysis esight LogCenter works with Huawei USG and ASG devices to analyze user online behaviors, including user traffic, online time, keywords, web access trends, emails, applications, network threats, and outgoing files. Rich Security Event Analysis Reports Showing Network Security Status esight LogCenter collects security event logs about network security devices and systems, such as Huawei network UTM system, firewalls, intrusion protection system, and Anti-DDoS system, analyzes them, and
generates reports to help users learn the network security status. esight LogCenter supports DDoS attack event analysis, plug-in block analysis, access control event analysis, policy matching analysis, IPS analysis, URL filter analysis, and email filter analysis. Log Collector: Receives, summarizes, formats, filters, counts, and stores logs and generates alarms. Log Analyzer: Manages policies, reports, devices, systems, and users. Log Console: Provides an interaction GUI for managing foreground and background using the web. Centralized deployment: When performance requirements are low, esight LogCenter can also be deployed in a centralized way. Million-level Log Processing per Second, Meeting Requirements of State-level Network Auditing esight LogCenter meets the performance requirements of state-level network auditing and collects and audits millions of system logs in a second, supporting high-performance log collection, storage, and audit functions for large and ultra large networks. Operating Environment esight LogCenter Manager can be deployed on the same server as esight Unified Network Management Platform standard or professional edition, or on a different one. When they are configured on different servers, configuration requirements are as follows: Operating System Windows Server 2008 R2 standard Deployment Scenarios Huawei NAT device Configuration Requirement CPU: 1 x hexa-core 2 GHz or higher Memory: 8 GB Disk space: 36 TB (The recommended available disk space is 33 TB.) Database: MySQL 5.5, Microsoft SQL Server 2008 R2 standard PC servers are recommended. LogCenter supports distributed deployment. Determine the hardware specifications and the number of servers based on the network scale. esight LogCenter network can be deployed in centralized or distributed ways. Distributed deployment: The Log Collector and the Log Analyzer are deployed separately on two servers. Database storing original log text Log Analyzer SQL Server database for storing statistics logs and reports Huawei NAT device Description Quantity Remarks Basic log management functions on esight LogCenter (including a small-scale log management license) Extended esight LogCenter management function components (including third-party device log management and identity association) esight LogCenter log management function promotion packages Small-scale log management license (managing 250 Syslog logs every second for about 25 devices, tracing 1,250 NAT logs with 250 Mbit/s outgoing bandwidth, and supporting 250 GB storage for about 60 days) Medium-scale log management license (managing 1,000 Syslog logs every second for about 100 devices, tracing 5,000 NAT logs with 1 Gbit/s outgoing bandwidth, and supporting 1 TB storage for about 60 days) Large-scale log management license (managing 2,500 Syslog logs every second for about 250 devices, tracing 125,000 NAT logs with 2.5 Gbit/s outgoing bandwidth, and supporting 2.5 TB storage for about 60 days) Storage expansion license for log management components of esight LogCenter-1 TB Configured only on one Log Collector Storage expansion license for log management components of esight LogCenter-10 TB Configured only on one Log Collector Storage expansion license for log management components of esight LogCenter-30 TB Configured only on one Log Collector 1 Mandatory 0 or 1 0 or 1 Log Analyzer When fewer than 2,000 logs are managed every second in an SMB project, esight LogCenter and an esight application base can be deployed on the same server. Ordering Information. Extended functions include third-party device log management and identity association.. The basic and expansible packages are included.. The log management capability is controlled by EPS (that is, the number of logs collected every second). The value is calculated assuming that 10 Syslog logs are collected on each device every second, and five session logs are generated on 1 Mbit/s bandwidth every second. Project requirements in most scenarios can be met. Requirements can also be adjusted if customer requirements are decreased or increased. For example, if most devices on the user network are switches, which send fewer Syslog logs, a small-scale package can manage a network consisting of 100 NEs; however, if the user network outgoing bandwidth is 200 Mbit/ s, while more than 2,000 sessions are generated each second, two small-scale packages can be used as required. The log storage expansion license is optional.
Various Topology Views Show Wireless Network Status in Different Dimensions WLAN Manager Service topology: The service topology shows connections between the ACs, APs, and Stations (STAs) and marks rogue APs. Users can view detailed information about the ACs, APs, STAs, and rogue APs and diagnose wireless service faults (such as by the ping operation). Product Overview With network development, Wireless Fidelity (Wi-Fi), a low-cost and highly efficient network deployment and maintenance mode, has been widely recognized by customers. However, Wi-Fi's high requirements on the environment and distributed deployment of a large number of ACs and APs on WLAN networks make maintenance costly and difficult; therefore, an easy-to-use and efficient WLAN management system is the key to ensure enterprise E2E operations. Huawei esight WLAN Manager integrates the management of wired and wireless networks, supporting wizard configuration to improve wireless services deployment efficiency. It displays information about WLAN network quality, interference sources, wireless intrusion, and access terminals. It also supports one-click diagnosis, interference source locating, access terminal locating, and spectrum analysis at the terminal and network side to implement highly efficient troubleshooting. Features Unified Wired and Wireless Management Location topology: WLAN Manager can deploy APs to different areas in the physical topology and display hotspots to help maintenance personnel discover radio signal coverage holes and channel collision areas. It supports locating users, unauthorized devices, and interference sources, and displays historical tracks. Administrators can determine whether to display or hide users of a specified area, rogue APs, unauthorized users, and interference sources. In esight physical topology, users can monitor switches, routers, and security, IT, H3C, and Cisco devices in a unified manner. Through centralized management of wired and wireless devices, such as ACs, Power over Ethernet (PoE) switches, and APs, users can directly view device connections, status, and alarms on the entire network. Deploying Services on Wireless Devices in Batches, Improving Management Efficiency Users can use the wizard to deploy services, accelerating service deployment, and manage Huawei ACs to configure WLAN services. AP configurations are stored on the AC. After tunnels are set up between the AC and APs, the APs can obtain configurations from the AC.
Frequency spectrum analysis: Users can obtain the channel quality and interference source information from spectrograms, which contain real-time, in-depth, channel quality, and channel quality trend grams, and device duty cycle. Wireless Network Security Detection The Wireless Intrusion Detection System (WIDS) monitors intrusion devices and non-wi-fi interferences and provides frequency spectrum analysis features. WIDS management: The WIDS manages wireless network interferences in different categories. Interferences are classified based on user customized rules. Upon detecting an interference, the WIDS chooses whether to generate an alarm based on user alarm configurations. The WIDS can also take countermeasures for unauthorized Quick network fault locating: Diagnose network quality from four aspects, including user, SSID, AP, and AC. List possible problems and give corresponding solutions to help troubleshooting. Quick Service Adjustment, Covering Hotspots and Optimizing Radio Frequency If a coverage hole exists on the network, users can use esight WLAN Manager to quickly deploy services on new APs to cover hotspots. One-Click Diagnosis, Quickly Locating Faults Diagnosis at the terminal side: WLAN diagnostic tools help rectify network faults caused by a terminal's operating system version, wireless network adapter settings, and system service settings with one-click, saving troubleshooting costs.
When a carrier's APs or private APs occupy the planned channels and interfere with APs on the live network, users can use esight WLAN Manager to quickly change the channel if negotiation is unavailable. Deployment Scenarios Quick AP Fault Diagnosis Ordering Information Item Quantity Remarks esight Application Base-Standard (includes 60 device licenses) Or esight Application Base-Professional (includes 60 device licenses) 1 Mandatory for esight Unified Network Management Platform esight WLAN Manager (includes 5 APs) 1 Mandatory esight can restart, replace, and restore APs to factory settings in a batch. During WLAN network debugging, or when APs are faulty, users can remotely restore APs to factory settings in a batch. During WLAN network debugging or when APs are upgraded, users can remotely restart APs in a batch. If an AP is faulty, users can quickly replace the AP in esight. The replacement does not affect AP configurations. Resource Statistics Meeting O&M Requirements Entire-network resource statistics: An online user line chart shows the top five accessed fit APs and SSIDs, top five device alarms, and physical resource statistics on the entire network. AC statistics: A line chart shows statistics about online users collected by the AC, including AP and domain information and the top five AC alarms. AP statistics: Shows the top five AP alarms and performance counters (including the number of terminals connected to APs, AP physical attributes and traffic, and radio traffic). SSID statistics: Shows the number of APs, number of VAPs, and number of terminals connected to APs. Region and location statistics: Displays the total number of APs, number of online APs, and number of online STAs by region and location. Operating Environment esight WLAN Manager is installed on the same server as esight Unified Network Management Platform standard or professional edition; therefore, the operating environment configuration requirements are the same. esight WLAN License-Incremental 5 AP esight WLAN License-Incremental 50 AP esight WLAN License-Incremental 100 AP esight WLAN License-Incremental 200 AP esight WLAN License-Incremental 500 AP esight WLAN License-Incremental 1,000 AP esight WLAN License-Incremental 2,000 AP esight WLAN License-Incremental 5,000 AP One license manages five incremental APs One license manages 50 incremental APs. One license manages 100 incremental APs. One license manages 200 incremental APs. One license manages 500 incremental APs. One license manages 1,000 incremental APs. One license manages 2,000 incremental APs. One license manages 5,000 incremental APs. esight WLAN Real-Time Location System (RTLS) WLAN positioning function esight WLAN RTLS-5 AP Base Location Service esight WLAN RTLS-25 AP Base Location Service esight WLAN RTLS-100 AP Base Location Service One license manages five incremental RTLS APs. One license manages 25 incremental RTLS APs. One license manages 100 incremental RTLS APs. esight WLAN Planning Tool WLAN planning tool esight WLAN Testing Tool WLAN planning tool
Simple and convenient auto-discovery of services simplifies O&M. The MPLS VPN Manager combines policies and scopes for service discovery on the entire network. Users do not need to specify device roles. The MPLS VPN Manager can detect various types of networks, including full-mesh, hub-and-spoke, Multi-VPN-Instance CE (MCE), HoVPN, Inter-AS VPN-Option A, and Inter-AS VPN- Option B networks. One-click fault diagnosis enables fast fault identification. The MPLS VPN Manager can identify service faults at different layers, including the access layer between Provider Edges (PEs) and Customer Edges (CEs), and public routes and Label Switched Paths (LSPs) between PEs. MPLS VPN Manager Product Overview VPNs are complex, bearing various services such as data, voice, and video. Huawei esight MPLS VPN Manager is designed to deal with such complex scenarios as the following in routine maintenance: Shielding complex services and allowing maintenance personnel to know the operating status of deployed VPN services in real time and perform troubleshooting in a timely manner. Monitoring the bandwidth usage of each service to ensure the priority of emergency command systems and important users. Ensuring cross-regional video conferencing quality among provinces, cities, counties, and towns. Huawei esight MPLS VPN Manager integrates discrete VPN information on the network into visible manageable objects and displays them in topology. Administrators can easily monitor VPN services and diagnose faults to ensure QoS and reliability of key services. Visual service management facilitates unified monitoring on the entire network and provides real-time services operating status. The access topology view displays devices based on services currently running on them and displays alarms and the link status of current services for quick diagnosis. Features E2E wizard quickly deploys VPN services. esight MPLS VPN Manager provides E2E service deployment capabilities to help users quickly deploy new VPN services, add new VPN access points, and change existing VPN services, improving service maintenance efficiency. esight MPLS VPN Manager supports static routes, OSPF, IS-IS, and Exterior Border Gateway Protocol (EBGP) routing protocols between PEs and CEs on networks in full-mesh, hub-spoke, Multi-VPN- Instance CE (MCE), and customized modes. esight MPLS VPN Manager interacts with report, SLA, and performance monitoring. Intelligent interaction with performance monitoring: esight MPLS VPN Manager allows users to customize and view traffic statistics, Virtual Routing and Forwarding Tables (VRF) traffic statistics, and the number of active VRF routes on the five or ten most active access interfaces. esight MPLS VPN Manager also provides traffic trend charts with detailed counters.
Ordering Information Item Quantity Remarks Intelligent interaction with SLA: esight MPLS VPN Manager provides SLA assessment on service links between a PE and a CE, and between PEs based on Internet Control Message Protocol (ICMP) Echo service. esight Application Base-Standard (includes 60 device licenses)or esight Application Base-Professional (includes 60 device licenses) esight MPLS VPN Manager (includes 60 device licenses) esight MPLS VPN License-Incremental 50 Device esight MPLS VPN License-Incremental 100 Device esight MPLS VPN License-Incremental 200 Device esight MPLS VPN License-Incremental 500 Device esight MPLS VPN License-Incremental 1,000 Device esight MPLS VPN License-Unlimited Device 1 1 Mandatory for esight Unified Network Management Platform Mandatory for esight MPLS VPN Manager, which can manage 60 PEs and CEs. One license manages 50 incremental PEs and CEs. One license manages 100 incremental PEs and CEs. One license manages 200 incremental PEs and CEs. One license manages 500 incremental PEs and CEs. One license manages 1,000 incremental PEs and CEs. One license manages an unlimited number of PEs and CEs, restricted only by the management capability of a specific esight version. Intelligent interaction with reports: esight MPLS VPN Manager provides interface traffic statistics and service VRF statistics in reports, which customers can export. Operating Environment esight MPLS VPN Manager is installed on the same server as esight Unified Network Management Platform standard or professional edition; therefore, the operating environment configuration requirements are the same. Deployment Scenarios
esight MPLS Tunnel Manager automatically discovers tunnels deployed on the network to obtain information such as the number of tunnels, tunnel types, and tunnel status. esight MPLS Tunnel Manager uses the automatic discovery function to discover the MPLS TE tunnels (RSVP- TE signaling-based dynamic tunnels and CR-Static signaling-based static tunnels) and LDP tunnels that have been deployed on the network to esight from specified or all esight MPLS Tunnel Manager Product Overview Tunnel technology is widely used on enterprise networks. Enterprises choose tunnels based on service features. Generally, LDP tunnels carry services with low bandwidth and QoS requirements, and MPLS TE tunnels carry services with high bandwidth and QoS requirements. To ensure that services run properly, administrators must know the following tunnel information on the current network: number of tunnels, tunnel types, path of each tunnel, tunnels with the protection function, and whether a tunnel switchover occurs. esight MPLS Tunnel Manager automatically discovers MPLS TE tunnels (RSVP-TE signaling-based dynamic tunnels and CR-Static signaling-based static tunnels) and LDP tunnels that have been deployed on the network. It monitors the tunnels in real time and displays tunnel running status dynamically. In addition, esight MPLS Tunnel Manager monitors active-standby switchover and bypasses. Features esight MPLS Tunnel Manager allows users to easily and efficiently configure tunnel policies using a template. The smart configuration tool can be used to deliver tunnel policies in a batch, which reduces errors and improves efficiency. esight MPLS Tunnel Manager monitors tunnels in real time and dynamically displays the tunnel running status. When receiving an alarm, esight MPLS Tunnel Manager notifies users of tunnel status changes in a timely manner. The tunnel topology displays tunnel status and provides entries for users to view the link bandwidth information (such as bandwidth on outbound or inbound interfaces and maximum reserved bandwidth), link interface information, and whether MPLS is enabled on devices, helping users diagnose faults. When receiving an alarm, users can directly access the Tunnel Topology page from the alarm page to check the tunnel status. When detecting that the active LSP is faulty, esight MPLS Tunnel Manager performs an active-standby switchover or bypasses the faulty LSP. All paths of the original tunnel before the switchover or bypass are unavailable. The active-standby tunnel switchover status is displayed in the tunnel topology.
When an LDP tunnel is faulty, all links in the tunnel topology are unavailable. Operating Environment esight MPLS Tunnel Manager is installed on the same server as esight Unified Network Management Platform standard or professional edition; therefore, the operating environment configuration requirements are the same. Deployment Scenarios esight MPLS Tunnel Manager works with MPLS VPN Manager to let users quickly locate services affected by tunnel faults and check whether a service fault is caused by a tunnel fault. In the esight MPLS VPN Manager service list, users can click Tunnel List to view tunnels that carry a VPN and check whether a service fault is caused by a tunnel fault based on the tunnel status. Ordering Information Item Quantity Remarks esight Application Base-Standard (includes 60 device licenses)or esight Application Base-Professional (includes 60 device licenses) 1 Mandatory for esight Unified Network Management Platform esight MPLS Tunnel 1 Mandatory for esight MPLS Tunnel Manager In the esight MPLS Tunnel Manager tunnel list, users can click View VPN to view VPNs carried on a tunnel and learn which VPNs will be affected by a tunnel faul
Automatic Service Discovery, Simplifying User Operation esight IPSec VPN Manager automatically discovers all or specified IPSec VPN services on a hub-spoke or site-to-site network. Users can view service alarm status, encrypted service data direction, and packet loss information on the service topology. Users can also view tunnel information and historical information about tunnel setup to help locate service faults. esight IPSec VPN Manager Product Overview Enterprises use the IPSec VPN network to carry service data, ensuring data security; however, IPSec VPN technology is complex with multiple configuration parameters and commands, leading to troubleshooting and routine maintenance difficulties. The esight IPSec VPN management component automatically discovers IPSec VPN services on a hub-spoke or site-to-site network to provide all-round monitoring and diagnosis, facilitating troubleshooting and maintenance on the IPSec VPN network. Features Quick Diagnosis, Improving Troubleshooting Efficiency The quick diagnosis function allows users to find detailed causes for service faults, such as failure of activating services and VPN faults. The following information can be diagnosed: interface status at two ends, whether IPSec policies are applied to interfaces, whether the policies can initiate IPSec negotiation, IPSec policy integrity, Internet Key Exchange (IKE) negotiation result, and IPSec negotiation result. Users can export diagnosis results. Various Statistics Display, Showing IPSec VPN Network Performance Status Operating Environment esight IPSec VPN Manager is installed on the same server as esight Unified Network Management Platform standard or professional edition; therefore, the operating environment configuration requirements are the same. Deployment Scenarios Currently, esight supports two IPSec VPN networking scenarios: site-to-site VPN (point-to-point) and hubspoke VPN (point-to-multipoint). Site-to-site VPN A site-to-site VPN implements communication between LANs; therefore, it is also called LAN-to-LAN VPN or gateway-to-gateway VPN. Typical networking is shown below:
PC IPSec Tunnel PC Headquarters Gateway A Internet Gateway B Branch Server Server Hub-spoke VPN Hub-spoke VPN implements IPSec VPN communication between an enterprise headquarters and its multiple branches. Typical networking is shown below: IPSec Tunnel esight Secure Center Headquarters Gateway A Internet Gateway B Branch 1 Product Overview esight Secure Center provides security policy management functions (such as unified configuration and deployment of security application policies on the entire network) for Huawei UTM, firewalls, and ARs, helping users manage multiple security devices in a unified manner and reducing security O&M costs. PC IPSec Tunnel Gateway C Branch 2 Features esight Secure Center supports the unified configuration of security application policies. esight Secure Center centrally manages security application policies on multiple devices, including Huawei UTMs, firewalls, and ARs. Users can configure device security application polices based on the user, user group, and device. Ordering Information Item Quantity Remarks esight Application Base-Standard (includes 60 device licenses)or esight Application Base-Professional (includes 60 device licenses) 1 Mandatory for esight Unified Network Management Platform esight IPSec VPN Manager (includes 60 device licenses) 1 Mandatory. One license manages 60 esight IPSec VPN License-Incremental 50 Device esight IPSec VPN License-Incremental 100 Device esight IPSec VPN License-Incremental 200 Device esight IPSec VPN License-Incremental 500 Device esight IPSec VPN License-Incremental 1,000 Device One license manages 50 One license manages 100 One license manages 200 One license manages 500 One license manages 1,000
esight Secure Center supports intelligent security policy analysis to provide basis for security policy optimization. esight Secure Center supports analysis on policy redundancy, policy risk, policy matching rate, and comprehensive policy analysis. Policy redundancy analysis: Recognizes redundant policies on the network to ensure rationality of firewall policies. Policy risk analysis: Recognizes policies with potential risks and provides suggestions to ensure the conformity and security of firewall policies. For example, if a policy is used to enable a port that must be disabled, or a policy is applied to a wider network segment, potential risks exist. Policy matching rate analysis: Recognizes policies with high matching possibilities to facilitate policy optimization by O&M personnel. Comprehensive policy analysis: Integrates analysis on policy redundancy, policy risk, and policy matching rate to provide device robustness assessment. Operating Environment esight Secure Center is installed on the same server as esight Unified Network Management Platform standard or professional edition; therefore, the operating environment configuration requirements are the same. Deployment Scenarios Deployment scenarios for esight Security Center are the same as those for esight Unified Network Management Platform. Ordering Information Description Quantity Remarks esight Application Base-Standard (includes 60 device licenses)or esight Application Base-Professional (includes 60 device licenses) esight IPSec VPN Manager (includes 60 device licenses) 1 1 Mandatory for esight Unified Network Management Platform Mandatory. One license manages 60 esight IPSec VPN License-Incremental 50 Device One license manages 50 esight IPSec VPN License-Incremental 100 Device esight IPSec VPN License-Incremental 200 Device esight IPSec VPN License-Incremental 500 Device esight IPSec VPN License-Incremental 1,000 Device One license manages 100 One license manages 100 One license manages 100 esight Secure Center supports virtual firewall management. One license manages 100 esight Secure Center automatically detects virtual firewalls and configures security policies on them and can configure and manage security policies on hundreds of virtual firewalls in a unified manner.
Copyright Huawei Technologies Co., Ltd. 2014. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd. Trademark Notice, HUAWEI, and are trademarks or registered trademarks of Huawei Technologies Co., Ltd. Other trademarks, product, service and company names mentioned are the property of their respective owners. General Disclaimer The information in this document may contain predictive statements including, without limitation, statements regarding the future financial and operating results, future product portfolio, new technology, etc. There are a number of factors that could cause actual results and developments to differ materially from those expressed or implied in the predictive statements. Therefore, such information is provided for reference purpose only and constitutes neither an offer nor an acceptance. Huawei may change the information at any time without notice.