H3C Application Driven Data Centre Solution

H3C announced the launch of Application Driven Data Centre, a flexible architecture built around an SDN controller called Virtual Converged Framework Controller (VCFC). It provides customers with an automated and programmable data centre, achieving a virtualized and software-defined data centre network and meeting the business need for fast delivery in the era of cloud computing.

Flexibility

• Adhering to the concept of openness, the Fabric network enables integration of any heterogeneous resource management platform or cloud platform and provides extensive protocol support, including EVPN, VxLAN, OVSDB, OpenFlow and Netconf. This effectively prevents customers from being locked in to a single product and lowers the risk of an unsuccessful migration to new technology.

Open to Code

The SDN-based data center lets administrators define the data center themselves with more flexibility. H3C's SDN controller, VCFC (Virtual Converged Framework Controller), is the core of the programmable data center. VCFC is changing the network’s deployment and operational model with its high reliability, performance, fully open interface and programmable extensibility. With richer and more flexible capabilities, H3C helps companies adapt to changing network development trends and provides enterprises with an intelligent, secure, reliable information network architecture.

On the northbound side, VCF Controller exposes an open standard RESTful API or an embedded Java API for self-controlled SDN application development. On the southbound side, VCFC uses the interface standardized by the OpenDaylight organization, which follows southbound protocols such as OpenFlow, NETCONF and OVSDB.

Conclusion

Data centre development is shifting to an application-driven approach. H3C remains committed to openness and standardization, aiming to provide customers with a flexible, agile, and visualized automatic data centre network that delivers greater availability to meet business expectations in the New IT era.

 

H3C Application Driven Campus Solution

Based on the next-generation Overlay flexible campus infrastructure network and the software-defined concept, the H3C ADCampus Solution introduces Overlay+SDN technology, which turns the traditional “Users Adapt to Network” model into “Network Adapt to Users”. Without modifying network configuration or hampering operation and maintenance, users and devices can move anywhere in the campus while remaining in their established isolated network and keeping their established network strategy.

ADCampus Solution significantly simplifies campus operation and maintenance and meets the new demand of campus network under the trend of mobility and IoT with:

Role-Based IP Distribution

• Benefiting from the flexible network, ADCampus changes the traditional rule of location-based IP distribution to role-based IP distribution and ultimately achieves “IP is User, Network is Application” in the user network.

• The value of “IP is User” is a one-to-one correspondence between user and IP. Control applies not only to the IP but also to the user, which helps with auditing people. Meanwhile, binding the terminal to the IP indirectly achieves safe connection of terminals.

• The value of “Network is Application” lies in coupling an IP network segment with a user group or application. By controlling the IP network segment, we also control the user group and application. Therefore, an ACL can help achieve isolation of applications.

“Network Adapt To Users” Campus Network

• In a traditional campus network, to keep user permissions consistent or to isolate user groups, the network configuration must be modified constantly as users change location, which requires massive investment in equipment deployment and increases the operation and maintenance workload. Frequent configuration changes also lead to breakdowns caused by manual operation.

• ADCampus Solution realizes “Network Adapt to Users” by allowing network resources (e.g. IP address, security resources, isolated channels) and network policy (e.g. access and security policy) to follow the movement of users and devices directly, independent of device location, intermediate network or access method. The network detects the attributes of the user device and automatically connects and isolates it through automatic identification, marking and policy allocation.

• Because network operation and maintenance are greatly simplified when users change location, network utilization improves and the chance of breakdown caused by manual changes is lowered.

Operation and maintenance for separated application & network

• At the application level, ADCampus Solution can achieve user-based resource allocation and define matrix group policy. At the network level, devices can be connected and user and network policy can be deployed automatically. Meanwhile, at the terminal level, users can access the network anywhere. Each level is independent, which helps achieve independent operation and maintenance.

Conclusion

• ADCampus Solution integrates the latest overlay+SDN technology and proposes the flexible network concept, which solves the operation and maintenance issues caused by location binding during campus construction, separation between wired and wireless networks, and network isolation. It enables the network to detect, identify and update automatically and achieves “Network Adapt to User” across the campus network, ultimately fulfilling the emerging needs of network mobility, effective management, and simplified operation and maintenance amid the rapid rise of mobility and IoT.

 

H3C Application-Driven Campus Director

Overview

With the rapid development of network applications, users have higher demands on access to the network at anytime, anywhere:

· Mobile - The office is no longer limited to one's own desk, but extends to headquarters, branches, and even the road.

· Wireless - With the popularity of smart terminals, wireless access has gradually become mainstream. At the same time, this poses new challenges for the integrated wired and wireless management of campus networks.

· IoE (Internet of Everything) - IoE has brought explosive growth in the number of terminals, which often have different attribute relationships with existing services. The configuration workload increases dramatically and security policies become more complex.

H3C Application-Driven Campus Director (ADCampus Director) is developed based on Software Defined Network (SDN) to combine network and services for intelligent campus network management. It is applicable to VXLAN-based campus networks of all sizes and provides automated device deployment, end-to-end service deployment, account-IP binding, and unified wired and wireless management.

Features

Automated campus network deployment

· Simplified online configuration - Simplifies network configurations based on spine-leaf-access layer network design to deploy the same configuration file to devices at the same layer. ADCampus Director can guide you to complete configuration file generation for a layer without any command execution and can load the configuration file for the devices at this layer automatically.

· Location identifier import - Automatically imports device location identifiers after the devices come online, allowing for fast device locating and troubleshooting.

· Full-process monitoring - Allows you to monitor the whole deployment process of devices from ADCampus Director.

· Automatic expansion and replacement - Automatically identifies newly added devices and replaced devices, assigns configuration to the newly added, and restores configuration on the replaced.

· Automated configuration and orchestration policy deployment through code sharing.

· Smartphone QR code app - By scanning a device's QR code, the app quickly brings the device online automatically; the configuration and layout strategy are delivered automatically and the service is available immediately.

Scenario-based service deployment wizards

· ADCampus Director provides scenario-based wizards, including initial configuration, device launching, service planning, account opening, and guest management, allowing one-click service deployment and greatly improving management efficiency.

Automated end-to-end service deployment

· ADCampus Director can automatically identify device and port roles in the network and issue specific configuration to devices and ports based on their roles. This can greatly reduce service deployment time and improve efficiency.

As shown in the following table, for example, to deploy 4 spine devices, 40 leaf devices, and 500 access devices in a school network with 10000 access users, a total of 133 hours are required for deploying the configurations listed in the table, with 10 minutes for each device. However, with ADCampus Director, deployment can be finished within one hour.

| Item | Configuration | Time required with ADCampus Director |
|---|---|---|
| VRF instance creation | VRF instance creation | Spine devices: less than 1 minute; Leaf devices: less than 1 minute |
| VXLAN configuration | VSI and VSI interface creation | Spine devices: less than 1 minute; Leaf devices: less than 1 minute |
| | AC creation and AC-VXLAN association | Leaf device downlink interfaces: less than 2 minutes |
| | VLAN creation | Access devices: 0.05 minutes for each device; Leaf devices: less than 2 minutes; Spine devices: less than 1 minute |
| Security group configuration | DHCP network segment and Option 82 configuration | < 1 minute |
| | DHCP relay configuration on the VSI interfaces of leaf devices | < 2 minutes |
| | VRF instance and VSI interface binding | Spine devices: less than 1 minute; Leaf devices: less than 2 minutes |
| Inter-group policy creation | ACL configuration on the source security group's VSI interface | Spine devices: less than 1 minute; Leaf devices: less than 2 minutes |
| Total | N/A | < 1 hour |

Diversified resource management

· Topology management - Provides the following topology views for multi-dimension network management:

  · Overall topology - Displays all devices managed by ADCampus Director.

  · Custom topology - Displays devices in the customized view. ADCampus Director allows you to add devices to a customized topology view for ease of management.

  · Overlay topology - Displays specific VXLAN topology based on the VXLAN ID.

· Wired Management - Provides batch device management and single-device configuration (VLAN configuration, for example) and management.

· Wireless Management - Provides management of HP MSM series, H3C series, Aruba, and Cisco ACs, fat APs, and fit APs, as well as auto discovery, configuration, and monitoring of wireless clients. You can monitor device operation status and manage devices in groups by mobility group, floor, or device type.

· DHCP, DNS and IP (DDI) management - Helps administrators control IP address allocation, record abnormal address access, track IP addresses, and scan network segment usage. It supports assigning different IP segments to different operators, and allows administrators to view IP address usage in the whole network through statistics reports and various query criteria.

· Underlay management - Manages device configuration files and image files with the following features:

  · Baseline configuration - Allows for setting a configuration file baseline to track configuration changes.

  · Software upgrade history - Records software upgrade history and provides fast rollback to a previous version.

  · Configuration template and software file libraries - Allows you to upload software files, and create configuration templates or use pre-set templates provided by H3C IMC. This implements configuration template and software file reuse and reduces maintenance complexity.

· Overlay management - Provides VXLAN list, tunnel list, tenant management, and other VXLAN management functions.

Diversified user management

· Online user management - Provides online user filter, message issuing, forced log-off, and re-authentication functions.

· User authentication and authorization - Supports LAN, WLAN, and VPN access authentication, and provides unified user privilege management through combination of users, access services, scenarios, and security groups.

· Guest management - Controls guest access by allowing them to access limited resources only when the access is granted by the guest administrator.

· Automated authentication - Binds user account and terminal MAC address at the first authentication, and allows users to come online again without being re-authenticated within a specific period.

· User and security group binding - Binds users' account name, IP address, and MAC address to specific security groups to give users coherent access privileges anytime anywhere.

· Terminal security protection - Protects a network against security policy violations by access-region-based security checks. ADCampus Director kicks out, isolates, informs, or monitors users that violate security policies, including anti-virus software, OS, and compliance software, and triggers alarms when such a user is detected.

· User behavior audit - Provides NAT logs and network traffic analysis to help operators check network access information.

Application-driven service orchestration

· ADCampus Director can dynamically orchestrate network resources to achieve on-demand service allocation. It abstracts the complexity of network resources to simplify network infrastructure and provides easy but highly efficient management. By defining virtualized network resources as virtual objects, ADCampus Director allows you to use an easy drag-and-drop process to orchestrate them.

Group-based management

ADCampus Director provides group-based user, privilege, and resource management.

· Common group - Allows you to place devices or interfaces at the same layer in one group. ADCampus Director has created device groups and interface groups based on device roles and their relationships in the spine-leaf-access structure. You can adjust the groups as needed.

· Security group - Restricts user privileges by security groups instead of legacy VLAN and ACL combinations. It allows you to define security groups, resource groups, and inter-group policies and orchestrate user privileges to implement flexible and coherent user access anywhere.

· Scenario-based access service - Associates users with specific access services based on scenarios. Each access service is configured with various access criteria (5W1H) and is bound to a security group for convenient user management. ADCampus Director also supports user import from LDAP server, and configuration of system, certificate, upgrade, and single sign-on (SSO) settings for correct access service operation.

One-stop orchestration

ADCampus Director offers a platform for consolidating access services, scenarios, private networks, security groups, Layer 2 network domains, and inter-group policies to implement one-stop orchestration.

ADCampus Director provides the following orchestration policies:

· Inter-group policies - Control east-west traffic between users and servers within the campus network.

· Egress policies - Manage firewall/IPS, bandwidth, and NAT settings and control north-south traffic for granular access control and security protection of external and Internet access.

Professional operation and maintenance monitoring

· Dashboard - Displays security group status, activeness, online clients, alarm statistics, wired and wireless resource statistics, terminal usage, and user access information.

· Alarm management - Provides trap definitions, trap filters, and trap-to-alarm rules to achieve comprehensive real-time trap monitoring. ADCampus Director can also send alarms or traps to the specified e-mail or short message recipients as well as other network management systems.

· Traffic analysis - Analyzes traffic information, including source, destination, session owner, duration, and trends, and generates graphs and tables for users to understand the network status from various aspects. With rule- and policy-based deep analysis methods such as root analysis and SLA analysis, users can quickly diagnose network problems, solve bandwidth bottleneck issues, and optimize the network. ADCampus Director also provides traffic anomaly checks, centralized security event management, and synergetic response based on the resource management platform to improve risk identification and threat processing performance.

· Syslog management - Collects, displays, and analyzes system logs, and upgrades a log message to an alarm if the message matches the requirements. This helps you quickly discover and solve problems.

· Performance management - Provides performance management views, each of which contains one or multiple indexes for performance monitoring. Each index can contain multiple monitoring instances. You can add, modify, and delete performance management views. In a performance management view, the collected statistics are displayed in the form of TopN or trend graphs, or statistics tables.

· Compliance management - Examines whether a device is compliant with the regulatory requirements based on the configured compliance policies. The detected configuration or security issues can be remediated by ADCampus Director automatically. Together, these ensure that a company's network runs in a secure and stable environment.

Lightweight and fast version deployment

· Lightweight versions for small-scale deployment (fewer than 2000 users) with abundant functions, including fast ADCampus Director deployment, authentication, and wireless management.

· All-in-one installation and fast deployment of open-source OS, open-source database, ADCampus Director, DHCP server, and SDN applications, such as ADEIA and ADWSM, on a bare server within one hour.

Operating requirements

Server requirements

| Item | Windows Server 2012 R2 (64-bit) | | | Red Hat Enterprise Linux Server 5.5/5.9/6.1/6.4/7.x | | |
|---|---|---|---|---|---|---|
| Managed devices | 0 to 200 (excluded) | 200 to 500 (excluded) | 500 to 1000 | 0 to 200 (excluded) | 200 to 500 (excluded) | 500 to 1000 |
| Processor clock speed | ≥ 2.0 GHz | ≥ 2.0 GHz | ≥ 2.0 GHz | ≥ 2.0 GHz | ≥ 2.0 GHz | ≥ 2.0 GHz |
| Processors | ≥ 2 | ≥ 4 | ≥ 8 | ≥ 2 | ≥ 4 | ≥ 8 |
| Memory size | ≥ 500 M | ≥ 1G | ≥ 2G | ≥ 500 M | ≥ 1G | ≥ 2G |
| Hard drive size | 10 GB | 20 GB | 50 GB | 10 GB | 20 GB | 50 GB |
| 10/100/1000Mb autosensing network adapters | ≥ 1 | ≥ 1 | ≥ 1 | ≥ 1 | ≥ 1 | ≥ 1 |
| Database version | SQL Server 2008 SP3; SQL Server 2008 R2 SP2; SQL Server 2012 SP2; SQL Server 2014 | | | Oracle 11g Release 1; Oracle 11g Release 2; Oracle 12c Release 1 | | |
| DHCP server version | Microsoft DHCP server 6.3 or higher (comes with Windows Server 2012 R2) | | | Microsoft DHCP server 6.3 or higher (comes with Windows Server 2012 R2) | | |

Client requirements

| Item | Requirements |
|---|---|
| Operating system | Windows |
| Processor clock speed | ≥ 2.0 GHz |
| Memory size | ≥ 1 GB |
| Hard drive size | ≥ 20 GB |
| Optical drive | 48X optical drive |
| Network adapter | ≥ 100 M |
| Audio card | Installed |
| Browser configuration | Pop-up blocker disabled; Browser cookies enabled; ADCampus Director website in the trusted site list; A minimum of 1280px-wide display resolution |
| Browser version | IE10.0/IE11; Firefox30 or higher version; Chrome44 or higher version |

Features

| Menu | Submenu | Description | Required component |
|---|---|---|---|
| Dashboard | Dashboard | Displays overall network performance, status, and alarm statistics. | N/A |
| Quick Start | Quick Start | Provides shortcuts for frequently used functions. | N/A |
| Campus Planning | Campus Planning | Provides network planning and automatic device deployment configuration. | N/A |
| Topology | Custom Topology | Provides customized topology configuration functions. | N/A |
| | Overall Topology | Displays the overall topology that contains all devices. | N/A |
| | Overlay Topology | Displays VXLAN topologies. | N/A |
| Resource | Wired | Provides wired device management. | N/A |
| | Wireless | Provides wireless device management. | ADWSM |
| | Security | Provides management of security features, such as firewall, IPS, and ACG. | ADSSM |
| | LB | Provides LB resource management. | ADSSM |
| | DDI | Provides DHCP, DNS, and IP management. | N/A |
| Service | Common Group | Provides interface group and device group management. | N/A |
| | User Policy | Provides one-stop orchestration of VRF instances, security groups, Layer 2 domains, access services, scenarios, inter-group policies, and egress security policies, and allows inter-group policy configuration from the aspect of user and scenario. | ADEIA |
| | Security Group | Provides VRF instance, Layer 2 domain, resource group, SGACL, inter-group policy, and egress security policy management. | N/A |
| | Access Service | Provides access service, access policy, and scenario configuration and LDAP server synchronization. | ADEIA |
| | Endpoint Admission Defense (EAD) | Provides security policy, terminal access policy, and software policy management. | ADEAD |
| | Underlay | Provides Underlay service management. | N/A |
| | Overlay | Provides Overlay/VXLAN service management. | N/A |
| | Service Parameters | Provides NTP server and wireless forwarding mode management. | N/A |
| User | Online Users | Provides user access service management. | ADEIA |
| | All Access Users | Allows for querying users with applied access account. | ADEIA |
| | Guest | Provides guest policy and webpage pushing policy management. | ADEIA |
| | Endpoint Management | Provides automated authentication and endpoint management. | ADEIA |
| | Behavior Audit | Audits online behavior of users. | ADUBA |
| | IP Address Management | Provides user account, IP address, MAC address, and security group binding. | ADEIA |
| | All Assets | Provides desktop asset, peripheries, and software issuing management. | ADEAD |
| Troubleshooting | Alarm Analysis | Manages and analyzes alarms. | N/A |
| | Syslog Analysis | Manages and analyzes syslog. | N/A |
| | Performance Analysis | Analyzes performance. | N/A |
| | Traffic Analysis | Analyzes network traffic. | ADNTA |
| | Compliance Check | Checks configuration compliance. | N/A |
| | Spectrum Analysis | Performs spectrum analysis. | ADWSM |
| | WIPS Detected | Performs wireless IPS analysis. | ADWSM |
| | User Access Log | Analyzes user access logs. | ADEIA |
| | Security Event Analysis | Analyzes network security events. | ADSSM |
| System Management | System Management | Operators | N/A |
| | | Operating logs | N/A |
| | | Access parameters | N/A |
| | | System parameters | N/A |
| | | Dashboard | N/A |
| APP | APP | An application for smart phones to scan SN codes and configure role and location information. The APP is available only for Android systems. | N/A |

Application scenarios

Standard

· In a standard scenario as shown in the following figure, the network egress is separate from other campus network services. This structure enables multiple campus networks to be connected in a hybrid way and use the same access services. Each campus is deployed with a primary route reflector (RR) and a backup RR to synchronize route entries in the whole network.

Lightweight

· Lightweight ADCampus Director is applicable only to single-campus and Layer 2 campus applications.

 

H3C ADDC Director

Overview

H3C ADDC Director is the latest generation of DC management platform intended for service operation. It consolidates services, logical resources and physical resources in end-to-end operation to implement converged management of computing, storage and network resources.

H3C ADDC Director’s ability to manage datacenter resources and support service operation stems from a PDCA (Plan-Do-Check-Act) lifecycle. It covers features from design and implementation through monitoring to optimization. Its advantages over legacy operation platforms include:

· Visualized datacenter planning at all stages. Datacenter planning becomes inheritable, traceable, and implementable. It decouples IT capabilities from existing manpower.

· Automated deployment, one-key datacenter construction, configuration and device decoupling. It reduces the number of configuration files, thus realizing the automated and integrated deployment of computing, storage and network resources.

· Graphical presentation of resource and service monitoring, clear topological diagram of physical resource, virtual resource, services and their mirroring relationship, and a clear tagging of services' use of physical resources.

· Consolidation of multiple datacenter data sources that can detect outage and help perform end to end diagnostics.

· Application driven, automated optimization and closed loop service operation.

Features

Visualized datacenter capacity planning and allocation

· ADDC Director features a centralized interface for planning and allocating datacenter network and computing resources, with drag-and-drop operation for datacenter professionals. It provides resource topology in a quick and simple way and helps datacenter operators plan and allocate capacity and resources effectively.

· Based on ADDC Fabric Spine-Leaf architecture, it recognizes and supports three modes including centralized VXLAN, distributed VXLAN and VLAN. It provides automated datacenter capacity planning. Datacenter professionals can conduct network and computing resources planning and allocation through drag and drop interface.

· Datacenter initialization configuration planning includes DHCP, DNS and IP (DDI) allocation, network initialization allocation planning, server initialization configuration planning and other configurations, and operator may complete strategic allocation planning based on allocation topology.

· DDI allocation planning provides DHCP server allocation, network equipment IP address pool allocation, out of band server network management and service port IP address pool allocation.

· Network initialization strategic guide helps to complete network equipment initial configuration automatically, including forwarding configuration file template to the equipment, automated out-of-band management parameters, equipment software version, network role (Spine/Leaf), position, model number and MAC address for automated deployment.

· Server initialization allocation planning completes the server initialization allocation: it defines the configuration template that needs to be downloaded to the bare-bone server and out-of-band management parameters such as iLO and IPMI, and completes automated allocation steps such as assigning server models, connection locations and serial numbers.

Automated resource allocation in datacenter

· When planning, design and initialization for the datacenter are complete, physical equipment and servers can be installed. Director automatically downloads configuration and software to the equipment, connects it to the network, and automatically puts those resources under Director's management. Deployment efficiency increases by nearly 100 times over manual configuration. The deployment process doesn't involve active user intervention, and the system automatically logs the deployment process. You have full control and knowledge of the deployment process, and can roll back and trace back to pinpoint the problem preventing equipment from going online.

· When the operator completes the server installation and connection, the TFTP server address and file name can be obtained through the DHCP server, and the equipment automatically starts the download process and completes the related configuration according to the role assigned by the configuration file obtained from the TFTP server incorporated within Director. Once the configuration is done, the equipment reboots and completes the online process.

· Equipment managed by Director can complete various maintenance and status monitoring tasks such as VLAN issuing, ACL configuration, configuration backup and software upgrade.

· When automated network deployment is complete, operator may conduct Fabric service allocation such as Underlay, Overlay (VXLAN) and service chain in Director.

Visualized datacenter resource and service monitoring

· Director will focus on the visualized monitoring of fabric resources such as Underlay/Overlay, storage, service and virtualization.

· Underlay network visualization - Monitoring of network equipment operation status, configuration and software version, outage, equipment association test, traffic and full network topology.

· Overlay network visualization - View VXLAN configuration messages, and monitor VXLAN services traffic information.

· Storage visualization - Monitor physical storage equipment's message, running status and capacity usage.

· Server visualization - View server message and running status, total server resource capacity, important message and change in topology.

· Virtualization monitoring - Manages multiple virtualization platforms such as VMWare, KVM, HyperV, Xen and CAS, and supports creating, changing, deploying, cloning, migrating and monitoring virtual machines.

· The ultimate reason for datacenter operation and maintenance is to monitor user applications and services, so apart from protecting the physical and virtual resource layers, one must also monitor the application and service layer and discover and handle problems before service quality degrades. Director implements comprehensive application, service and traffic visualization management.

· Application visualization - Actively monitors the OS running on servers and virtual servers and applications such as databases and middleware. It provides real-time reports of application usability and health status and discovers anomalies in time.

· Traffic visualization - Shows the datacenter's distribution of traffic flow for applications and services, including the application type, bandwidth usage, sustained time, source of traffic (inside/outside DC) and long-term data trend analysis. This ensures application quality by allocating enough bandwidth and results in better planning of overall bandwidth usage.

· Service visualization - Consolidates the operation status of resources and applications for integrated analysis. It uses a preset service health status evaluation mechanism to present the health level of a service in a simple and intuitive interface, greatly improving the operation efficiency of the datacenter.

Self-checking and intelligent diagnostics

· ADDC Director provides multiple checking and diagnostics tools that save the operator from daily chores of repetitive checking.

· Virtual reality checking - With an operator-specified viewpoint, one may perform a virtual walk-through of every corner of the datacenter and an all-round check of the datacenter, including the generator room, server racks and equipment.

· Automated equipment checking - Through user-defined checking items, checking cycles and anomaly diagnostics, operators can set their own checking parameters, including but not limited to hardware and software operation, load status, protocol running status and security, and have periodic checking reports delivered.

Application-driven automated optimization

· With visual monitoring, alert analysis, and checking analysis, resource and service anomalies can be discovered actively or passively, and managers can be alerted to solve the problem and fix the anomaly in time.

· Using data on performance, events, traffic flow, and degradation of perceived application and service quality, Director can apply an application-facing strategy to implement end-to-end dynamic resource re-allocation, and can use multiple channels (email, SMS, voice and SNMP Trap) to inform the operator and trigger corresponding actions, implementing application-facing closed-loop maintenance.