V300R005C00
Product Description
Issue 03
Date 2016-05-30
Website: http://e.huawei.com
Purpose
This document describes the product positioning, architecture, functions, and applications of
eSight and provides configuration requirements and technical counters for eSight.
This document helps you understand eSight functions and basic operations.
Intended Audience
This document is intended for:
Change History
Changes between document issues are cumulative. The latest document issue contains all the
changes made in earlier issues.
Issue 03 (2016-05-30)
This issue is the third official release which incorporates the following changes:
• Updated 5 Configuration.
Contents
3 Deployment Mode
3.1 Standalone Mode
3.2 Distributed Deployment Mode
3.3 Two-Node Cluster Deployment Mode
5 Configuration
5.1 Hardware and Software Requirements
5.2 Client Configuration Requirements
5.3 Network Bandwidth Requirements
6 Technical Specifications
6.1 Technical Counters for Basic Management
6.2 Technical Counters for Management Capacity
1.1 Positioning
1.2 Product Features
1.1 Positioning
The eSight system is a new-generation comprehensive operation and maintenance solution
developed by Huawei for the network infrastructure, Unified Communications (UC),
telepresence conferencing, video surveillance, and data center in enterprises. eSight centrally
manages servers, storage devices, virtualization, switches, routers, WLAN, firewalls, eLTE
CPEs, eNodeBs, eCNSs, equipment room facilities, UC, eIMS devices, telepresence, video
surveillance, and application systems. eSight enables automatic deployment, visualized fault
diagnosis, and intelligent capacity analysis for enterprise ICT devices. With these functions,
eSight effectively helps enterprises improve O&M efficiency and resource usage while
reducing O&M costs, ensuring the reliable operation of ICT systems.
High Scalability
eSight provides an extension point mechanism, which allows incremental development of
functions and NE version adaptation packages. New functions and NE adaptation packages
can be added without changing code in earlier release packages. To add new functions,
develop new function plug-in packages and deploy them in eSight. To manage new devices,
simply add new NE adaptation packages.
Network security: The network security mechanism ensures that the switches, routers, and firewalls are running properly.
• Routers are deployed to separate local area networks from external networks, enhancing data communication security.
• A network firewall is configured for the eSight, ensuring network security.
• Rights accessible to external systems are controlled and managed.
User Management
To successfully log in to an eSight client and perform maintenance and management
operations, users must obtain a correct user name and password. eSight uses unique user
names and passwords to determine login and operation rights of users.
eSight user passwords are stored in the database as SHA256 hashes. SHA256 is an irreversible
(one-way) algorithm, so a stored value cannot be converted back into the password. A newly
installed eSight system provides only one default user, admin, who has all operation and
management rights. Other users are directly or indirectly created by the admin user.
User attributes include the user name, password, role, description, and access control. Users
inherit operation and management rights of their roles. Access control limits the time and IP
addresses available for users to log in to eSight, which ensures eSight access security.
Roles can be created, modified, and deleted on eSight. Their attributes can be queried.
eSight provides one default role Administrators who has operation rights for all managed
objects and cannot be modified.
Role attributes include the role name, user, managed object operation, and description.
• Managed object: This attribute specifies the objects and range of configuration data that
can be managed by a role. If role A cannot manage device C or object group D, the
topology view hides device C and devices in object group D from users in role A. An
object group is a group of devices. Object groups can be created, modified, and deleted
on eSight.
• Operation: This attribute specifies the operations that can be performed by a role.
Operation rights for a device may be assigned to different roles. Therefore, different
roles have different operation rights for the same device.
eSight achieves rights- and domain-based management by providing the managed object and
operation attributes: Users in the Administrators role or with the user management rights can
assign managed objects and operations to other users.
• Domain-based management is the operation of assigning different managed objects to
different roles. This function allows engineers from different O&M departments to
manage different network objects.
• Rights-based management is the operation of assigning different operations to different
roles. Rights-based management and domain-based management together allow
engineers with different duties (at different positions or from different O&M
departments) to perform different operations on managed objects in the same area.
Rights- and domain-based management unifies device and function management. Specifically,
managed objects are assigned based on devices; operation rights are assigned based on
functions on devices.
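The rights- and domain-based model described above can be sketched as follows. This is an added example, not eSight code: the device, object group, role, and operation names are constructed, and the rule that a single role must grant both the device and the operation is an assumption made for the sketch. The merged variant is included only to show how combining scopes and rights across roles grants more than any one role does.

```python
from dataclasses import dataclass

# Constructed sample inventory; device, group and operation names are invented.
ALL_DEVICES = {"core-rtr-1", "core-rtr-2", "acc-sw-11", "acc-sw-12", "fw-1"}
OBJECT_GROUPS = {
    "campus-core": {"core-rtr-1", "core-rtr-2"},
    "branch-access": {"acc-sw-11", "acc-sw-12"},
}


@dataclass(frozen=True)
class Role:
    """Hypothetical role record with the two attributes the text describes."""
    name: str
    devices: frozenset = frozenset()     # managed objects: individual devices
    groups: frozenset = frozenset()      # managed objects: object groups
    operations: frozenset = frozenset()  # operation rights

    def managed(self):
        """Expand object groups into the set of devices the role can manage."""
        scope = set(self.devices)
        for group in self.groups:
            scope |= OBJECT_GROUPS.get(group, set())
        return scope & ALL_DEVICES


def visible_devices(roles):
    """Domain-based part: a device outside every role's scope stays hidden."""
    visible = set()
    for role in roles:
        visible |= role.managed()
    return visible


def is_permitted(roles, device, operation):
    """Assumed rule: one role must grant both the device and the operation."""
    return any(device in role.managed() and operation in role.operations
               for role in roles)


def is_permitted_merged(roles, device, operation):
    """Weak variant for comparison: scopes and rights merged across roles."""
    scope = set().union(*(r.managed() for r in roles))
    rights = set().union(*(r.operations for r in roles))
    return device in scope and operation in rights


# Constructed roles: one may configure the core, the other may only view branches.
CORE_ADMIN = Role("core-admin", groups=frozenset({"campus-core"}),
                  operations=frozenset({"view", "configure"}))
BRANCH_MONITOR = Role("branch-monitor", groups=frozenset({"branch-access"}),
                      operations=frozenset({"view"}))

if __name__ == "__main__":
    roles = [CORE_ADMIN, BRANCH_MONITOR]
    print("visible:", sorted(visible_devices(roles)))
    for check in (is_permitted, is_permitted_merged):
        print(check.__name__, check(roles, "acc-sw-11", "configure"))
```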
User Authentication
eSight uses three modes to authenticate users: local authentication, Remote Authentication
Dial In User Service (RADIUS) authentication, and Lightweight Directory Access Protocol
(LDAP) authentication.
• Local authentication: User management, authentication, and security policies are all
controlled by the eSight server. The eSight uses this mode by default. For details about
this mode, see section Local Authentication.
• RADIUS authentication: When a user logs in, eSight verifies and authenticates the login
request through the RADIUS server, finds the role of the user based on the user group
obtained from the RADIUS server, and authorizes the user. For details, see RADIUS
Authentication.
• LDAP authentication: When a user logs in, eSight verifies and authenticates the login
request through the LDAP server, finds the role of the user based on the user group
obtained from the LDAP server, and authorizes the user. LDAP authentication is similar
to RADIUS authentication except that the two modes use different authentication
protocols. For details, see LDAP Authentication.
Local Authentication
In the local authentication mode, user security management ensures the security of eSight on
multiple levels, including the local user management, rights management, password policy,
account policy, login control, and automatic client logout. Password and account policies,
after being configured, take effect on all eSight users.
• Password policy
  – Minimum password length (8 characters by default)
  – Maximum attempts to enter the password the same as old passwords (3 attempts by
  default)
  – Maximum number of occurrences of a character in a password (3 times by default)
  – Minimum time interval between password change attempts (5 minutes by default)
  – At least one special character in a password (not limited by default)
  – Password validity period, including the number of days (90 days by default) within
  which a password is valid and the time (7 days by default) when the eSight sends a
  warning before a password expires
• Account policy
  – Minimum length of a user name (6 characters by default)
  – Account invalidation: the number of days (60 days by default) within which an
  account is inactive
  – Account locking: the maximum number of failed login attempts (5 attempts by
  default) within a certain period (10 minutes by default) before an account is
  automatically locked (for 30 minutes by default)
• Login control: Login control includes time and IP address control.
  – Time control specifies the time during which users can log in. Users cannot log in to
  eSight beyond the specified time.
  – IP address control specifies the IP addresses that the eSight clients can use to log in
  to the eSight server. IP address control prevents those who steal user names and
  passwords from logging in to the eSight server and therefore further enhances the
  eSight security.
• Automatic client logout
To prevent other users from performing unauthorized operations, eSight allows users to
set the client to be automatically logged out. If a user does not perform any operations
within a specified period of time, the client is automatically logged out.
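The account locking and login control rules in the list above, applied at login time with the default values the list gives. This is an added example, not eSight code: the LoginGate class, its method names, the result strings, and the order in which the checks run are assumptions, and the user name and addresses are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, time, timedelta
from ipaddress import ip_address, ip_network

# Account-locking defaults quoted in the list above.
MAX_FAILED = 5                        # failed login attempts ...
FAIL_WINDOW = timedelta(minutes=10)   # ... counted within this period ...
LOCK_TIME = timedelta(minutes=30)     # ... lock the account for this long


class LoginGate:
    """Hypothetical helper: class and method names are not eSight interfaces."""

    def __init__(self):
        self.failures = defaultdict(deque)  # user -> times of recent failures
        self.locked_until = {}              # user -> time the lock expires
        self.allowed_nets = {}              # user -> networks (IP address control)
        self.allowed_hours = {}             # user -> (start, end) (time control)

    def set_access_control(self, user, nets=None, hours=None):
        if nets is not None:
            self.allowed_nets[user] = [ip_network(n) for n in nets]
        if hours is not None:
            self.allowed_hours[user] = hours

    def _ip_ok(self, user, ip):
        nets = self.allowed_nets.get(user)
        if nets is None:
            return True                     # no IP restriction configured
        addr = ip_address(ip)
        return any(addr in net for net in nets)

    def _time_ok(self, user, now):
        if user not in self.allowed_hours:
            return True                     # no time restriction configured
        start, end = self.allowed_hours[user]
        t = now.time()
        if start <= end:
            return start <= t < end
        return t >= start or t < end        # window that wraps past midnight

    def attempt(self, user, ip, now, password_ok):
        """Return ok, locked, denied_ip, denied_time or bad_password."""
        until = self.locked_until.get(user)
        if until is not None:
            if now < until:
                return "locked"             # a correct password is refused too
            del self.locked_until[user]     # lock expired: start counting afresh
            self.failures[user].clear()
        # Assumption: access control is evaluated before the password, so a
        # stolen password tried from another address is never confirmed.
        if not self._ip_ok(user, ip):
            return "denied_ip"
        if not self._time_ok(user, now):
            return "denied_time"
        if password_ok:
            self.failures[user].clear()
            return "ok"
        recent = self.failures[user]
        recent.append(now)
        while now - recent[0] > FAIL_WINDOW:
            recent.popleft()                # forget failures outside the window
        if len(recent) >= MAX_FAILED:
            self.locked_until[user] = now + LOCK_TIME
            return "locked"
        return "bad_password"


def demo():
    """Constructed sample: five bad passwords, then a correct one twice."""
    gate = LoginGate()
    gate.set_access_control("operator1", nets=["10.1.1.0/24"],
                            hours=(time(8, 0), time(18, 0)))
    start = datetime(2016, 5, 30, 9, 0)
    results = [gate.attempt("operator1", "10.1.1.5",
                            start + timedelta(minutes=m), False)
               for m in range(5)]
    results.append(gate.attempt("operator1", "10.1.1.5",
                                start + timedelta(minutes=20), True))
    results.append(gate.attempt("operator1", "10.1.1.5",
                                start + timedelta(minutes=40), True))
    return results


if __name__ == "__main__":
    print(demo())
```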
RADIUS Authentication
When RADIUS authentication is adopted, the administrator does not need to create a user
account on eSight in advance. The user account for logging in to eSight is an existing account
that can pass the authentication of the RADIUS server.
When a user enters the user name and password, the security process of the eSight server
sends the user name and password to the RADIUS server. If the user is authenticated by the
RADIUS server, the security process obtains the user group of the user from the RADIUS
server, finds the matched role on eSight, and authorizes the user.
NOTE
Before using the RADIUS authentication mode, ensure that the name of the role defined on eSight is the
same as that defined in the account database of the RADIUS server. In addition, ensure that the account
to be authorized is added to a user group.
LDAP Authentication
As a distributed client/server system protocol, LDAP is used in the VPN and WAN to control
user access to the network and prevent unauthorized users from accessing the networks.
The LDAP authentication mode is similar to the RADIUS authentication mode, but they have
different authentication protocols. The LDAP authentication mode supports the following
features that are not supported by RADIUS authentication:
• Common mode (encryption-free), secure sockets layer (SSL) mode, and transport layer
security (TLS) mode for communication between eSight and LDAP servers.
• Multiple LDAP authentication servers.
For the LDAP authentication process, see Figure 2-3.
Session Management
• Querying online users
Online user information can be queried, including the user name, login time, and login IP
address.
• Logging out of users
When viewing online users, you can force an unauthorized user to log out. This prevents
the unauthorized user from performing unauthorized operations.
• Switching the user login mode
The user login mode specifies whether to allow multiple users to log in to the eSight client
concurrently. The multi-user mode is used in most cases. The single-user mode is used to
prevent interference from other users when a user needs to perform special operations on the
eSight server.
  – In single-user mode, eSight allows only the current user to log in to the eSight client, and
  all other online users are forcibly logged out.
  – After the current user exits the single-user mode, other users can log in to the eSight
  client again.
Adding NEs
NEs can be added by automatic discovery, singly, and in batches.
eSight supports the SNMP, SNMP+Telnet/STelnet, HTTPS, IPMI, MML, REST, SMI-S, SOAP,
SSH, TLV, TR069, and WMI protocols.
Group Management
1. Device Group
You can use the device group management function to classify devices to be maintained
and monitored into a group based on monitoring and O&M requirements.
– Scenario 1:
eSight needs to collect CPU and memory information from routers and switches. Routers
are backbone devices whose faults must be detected in a timely manner. Therefore, you
need to set the performance collection interval of routers to a value smaller than that of
switches. To achieve this purpose, you can use the predefined router group and switch
group to set the monitoring parameters.
– Scenario 2:
Devices in an area of a campus network are being upgraded. You can create a group by
device name and add all devices in the area to a group. Devices are named according to a
specified rule, for example, the device name contains the area ID. During the upgrade,
eSight can shield alarms reported by devices in the area.
eSight provides predefined groups by device type, such as Router and Switch.
You can define device groups by device name, type, subnet, manufacturer, IP address,
category, remarks, and asset owner.
After devices are added to eSight, eSight automatically classifies the devices into
predefined and user-defined groups.
2. Interface Group
You can use the interface group management function to classify device interfaces to be
maintained and monitored to groups based on monitoring and O&M requirements.
– Scenario 1:
A large number of device interfaces exist on a network. However, you need to monitor
interfaces that affect network maintenance only. In this case, you can use the predefined
linked interface group to collect traffic and performance data from linked interfaces only.
– Scenario 2:
Many users in a network area report that their network speed is slow and they frequently
go offline. In this case, you can create an interface group by interface alias or description
and add outbound interfaces of the area to the group. eSight monitors these interfaces
and collects data for analysis.
eSight has a predefined linked interface group.
You can define interface groups by device type, category, group, IP address, alias, name,
description, asset owner, link availability, interface rate, interface alias, interface name,
and interface management status.
After device interfaces are synchronized to eSight, eSight classifies the interfaces to
predefined and user-defined groups.
Device Resources
• View the following information about devices: name, IP address, type, software version,
vendor, synchronization time, maintenance time, launch date, repair and maintenance
expiration time, NE creation time, time zone, asset manager, asset number, purchase
date, and remarks.
• Import and export device resources and device information and determine whether to
manage NEs.
• Batch set SNMP, Telnet, and NetConf parameters; batch synchronize devices; batch
configure time zones; and batch move devices to subnets.
• Batch configure device remarks as well as repair and maintenance information.
• Query device entity data.
• View devices in the topology.
Global Search
eSight supports global search of devices, interfaces, and users by keyword. Search results
provide shortcut operations or links for alarms, performance, topology, and NE manager.
The following sections describe eSight alarm functions based on the flowchart.
Alarm Synchronization
After generating an alarm, a device reports the alarm to the eSight within less than 10s, and
the eSight then displays the alarm in the alarm list. After communication between the eSight
and an NE recovers from an interruption, or after the eSight is restarted, some alarms on the
NE are not reported to the eSight, so the NE alarms on the eSight are different from the actual
alarms on the NE. In this case, you need to synchronize alarms to ensure that the eSight
displays the current operating status of the NE correctly.
Alarms are synchronized according to the following rules:
• If an alarm is cleared from an NE but remains uncleared on the eSight, the alarm will be
cleared from the eSight.
• If an alarm is present on an NE but absent on the eSight, the alarm will be added to the
eSight.
Alarm Masking
• Users can set alarm masking rules to mask unimportant alarms. Alarm masking rules
include the date, time, alarm source, and alarm name.
• While an NE is being repaired, tested, or deployed, the NE may report a large number of
alarms which can be ignored. In this case, you need to mask these alarms so that the
eSight neither displays nor saves them.
• By device: Users can view alarms of network-wide devices. For example, a user can
view all current alarms of a device or a type of device. For details, see the "Alarm
Monitoring by Device" section.
Alarm panel: The alarm panel displays the total number of current alarms of each severity on an MO. It provides an overall view of system faults and can serve as the monitoring board.
Alarm sound: Users can specify sounds for alarms of different severities. After an alarm is generated, the sound box on an eSight client plays the specified sound.
Current-alarm list: Users can set filter criteria and enter keywords to search for alarms that have not been acknowledged or cleared.
By default, the eSight offers the following global collection tasks to collect performance data
about network-wide devices:
• Connect Status Monitor
• CPU Usage Monitor
• Memory Usage Monitor
• Packet Loss Rate Monitor
• Port Usage Monitor
• Response Time Monitor
You can customize the following information about global collection tasks:
• Start or stop a collection task.
• Change the collection interval.
• Check the counter collection status of devices.
The eSight also offers the following performance task management functions:
• Add, delete, start, stop, and modify performance collection tasks.
• View the counter collection status.
On the page where performance counter data is displayed, you can also view historical
performance data and check statistical diagrams about historical data.
Users can modify indicators on the historical data page. Users can drag the time slider to
change the time range of the curve in the chart. Users can also change the page layout and set
the quantity of columns (1, 2, or 3) to be displayed on the page.
Users can save indicator and layout configurations to the favorites folder, from which users
can directly display historical curves of specific indicators without entering the overview
page.
My Favorites
You can organize and manage the data that concerns you through the My Favorites function.
Overview data, historical performance data, and real-time performance data can be saved to
My Favorites.
Subnet: Smaller network divided from a large network based on the region or device type to simplify network management.
Topology View
• The topology management page offers a tree structure on the left and a topology pane on
the right. Topology objects are organized hierarchically by layer.
• eSight allows you to zoom in or zoom out in a topology view. An aerial view is provided
to show you the entire topology structure.
• You can view the alarm status of devices and links.
• eSight can switch between bright and dark styles to display rich media tips.
• eSight offers rich media tips. eSight offers link labels to display the collected
performance data, such as interface traffic.
• eSight displays the parent and child relationships between MP-Group bound links and
monitors the link status.
• You can view network-wide VLAN information, allowed VLANs on both interfaces of a
link, and paths in a VLAN.
Figure 2-8 Display of rich media tips, interface performance with link label, and MP-Group
link binding relationship
Topology Operation
• In a topology view, you can: Zoom in or out the topology; export and print pictures; set a
background picture; view the topology in full screen or screen-adaptive mode; and return
to the previous page.
• Add connected physical devices in the topology, view device management information,
modify basic NE attributes as well as repair and maintenance information, set protocol
parameters, synchronize device data, move and delete nodes, and save locations.
• Perform operations by means of right-click menus: You can right-click one or more
devices and links or right-click on a blank area in the topology to display the shortcut
menus.
• Provides a unified entry for topology display, allows users to specify general settings,
device labels, monitored performance data, such as interface traffic at two ends of links
and bandwidth usage, customize link filtering by the link type or status, adjust the link
color based on the interface bandwidth usage, and customize the link name and tips.
Figure 2-18 Automatically adjusting the link color based on the interface bandwidth
usage
• Users can flexibly set the device icon size and style and customize the link thickness and
style to define the device icon or link style for each specific operation and maintenance
scenario.
• Users can customize topology layouts, including circular, star, symmetrical, up-and-down
tree, staggering, and network layer-based deployment.
• Users can set the subnet background as the map, zoom in, zoom out, and move the map,
as well as set NE locations on the map.
• eSight provides the NE mapping function to map NEs to different subnets, so users can
monitor the upper-layer egress devices in the same subnet view. Mapped NEs are marked
in dotted lines to be distinguished from other NEs.
5. Ctrl+R: Refresh the topology or restore the last saved status for the topology.
Topology Editing
Topology editing is an important topology operation, allowing users to visually edit the
system organization, description, and marks in the topology based on the site requirements.
Users can draw boxes, circles, and ovals, and enter text in the topology. Users can save
custom topologies, edit added figures and text, and cut, delete, and switch layers.
Portlet Management
Portlets are views that display devices and network-wide device status in lists, curves, and bar
charts. Portlets are displayed in areas of a home page.
Security Log
Security logs record the security operations that are performed on the eSight client, such as
logging in to the server, changing passwords, creating users, and logging out of the server.
You can query security logs to understand the information about eSight security operations.
System Log
System logs record the events that occur on the eSight, for example, when the eSight runs
abnormally, the network is faulty, or the eSight is attacked. System logs help analyze the
operating status of the eSight and rectify faults.
You can query system logs to understand the information about eSight system operations.
Operation Log
Operation logs record the operations that are performed on the eSight, such as adding a
monitoring view and modifying the resource manager.
You can query operation logs to understand the information about user operations.
Obtaining an ESN
You can obtain an ESN from the eSight client. The ESN is required when you apply for a new
license.
Revoking a License
When the ESN changes or the network is adjusted, you can revoke the current license and use
the generated invalidity code to apply for a new license.
NOTE
Only the user with the Revoke License permission can revoke the current license.
A trial license cannot be revoked.
NOTE
Only the users with the Update License permission can import license files.
Data overflow dump includes overflow dump for logs, alarms, performance data, SLA data,
NTA data, virtual resource data, config file manager data, and terminal access data.
Users can acknowledge and clear alarms in the upper-layer NMS, and synchronize the results
to the lower-layer NMSs.
System Monitoring
The maintenance tool allows you to view the memory status and CPU status of the server (if
installed on a physical server) or virtual machine (if installed on a virtual machine).
DB Password Management
The maintenance tool allows you to change the password of a common database user or a
default database user.
Operation Log
The maintenance tool allows you to query operation logs. The operation logs help you learn
about daily operations performed by the sys user.
Change Password
The maintenance tool allows you to change the password of the maintenance tool user sys. To
ensure security, you need to change the password periodically.
Server Management
The maintenance tool allows you to manage NTA and WLAN servers.
KPI monitoring, data comparison, and correlation analysis. Dashboard has the following
advantages:
• Report data on the dashboard is updated in real time, and users can configure the
frequency at which report data is updated.
• Users can customize reports to be displayed on the dashboard.
• Association between reports is supported. When there is a dependency between report
data of different components, the association function allows users to analyze report data
comprehensively.
• Users can import created agile reports to the dashboard to view multiple reports on the
same page.
NE Connection Report
Layer-2 device: Network device running on the data link layer of an Open System Interconnection/Reference Model (OSI/RM) network.
Topology View
• The IP topology management page offers a tree structure on the left and a topology pane
on the right. Topology objects are organized hierarchically by subnet.
• eSight allows you to zoom in or zoom out in a topology view. Meanwhile, an aerial view
is provided for you to understand the entire topology structure.
• You can view the alarm status of devices and links. Detailed device or link information is
displayed in a tip when you bring focus to the device or link.
• Export and print topology images and set a picture as the background of the topology
view.
• Move nodes and save their new positions.
• Use shortcut menus.
Link Discovery
Currently, eSight supports automatic link discovery based on the MAC forwarding table,
interface IP address, LLDP, and CDP, and allows users to manually adjust links.
Display Rule
On the display rule page, you can select fields required for link name rules and tips rules. Tips
are displayed for links in the topology.
Link Hidden
The link hidden function applies to the following scenarios: You want to hide a link in the
physical topology and prevent it from being displayed during automatic and manual
discovery. An incorrect link exists in the topology and needs to be hidden.
After you hide a link in the physical topology or the link management page, the link is not
displayed on eSight. If you want a hidden link to be displayed, click View Hidden Link on
the link management page and restore the link.
Link Deletion
The link deletion function deletes link data from eSight. After eSight discovers deleted links
again, the links can be displayed on eSight.
Terminals that have accessed the network can be discovered either by a manually conducted
immediate discovery or a periodically conducted automatic discovery.
Whitelist
You can configure a whitelist that contains authorized IP addresses and MAC addresses.
When the configuration takes effect, eSight checks whether a discovered terminal is
authorized. If not, eSight records its details for you to acknowledge the unauthorized terminal.
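One way to implement the whitelist check described above. This is an added example, not eSight code: the function and class names, the reason strings, and the sample terminals are constructed, and treating a terminal as authorized only when both its IP address and its MAC address are whitelisted is an assumption. MAC addresses are normalized first because discovery sources write the same address with colons, hyphens, or dots.

```python
import re
from ipaddress import ip_address, ip_network


def normalize_mac(mac):
    """Reduce 00:1A:2B:3C:4D:5E, 00-1a-2b-3c-4d-5e or 001a-2b3c-4d5e to 12 hex digits."""
    digits = re.sub(r"[-:.]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


class Whitelist:
    """Hypothetical whitelist holding authorized IP addresses or ranges and MACs."""

    def __init__(self, ips, macs):
        self.nets = [ip_network(entry, strict=False) for entry in ips]
        self.macs = {normalize_mac(m) for m in macs}

    def reasons(self, ip, mac):
        """Return why a terminal is unauthorized; an empty list means authorized."""
        found = []
        try:
            addr = ip_address(ip)
            if not any(addr in net for net in self.nets):
                found.append("ip-not-whitelisted")
        except ValueError:
            found.append("ip-unparseable")
        try:
            if normalize_mac(mac) not in self.macs:
                found.append("mac-not-whitelisted")
        except ValueError:
            # A value that cannot be parsed is never silently accepted.
            found.append("mac-unparseable")
        return found


def unauthorized_terminals(discovered, whitelist):
    """Return the discovered terminals that need acknowledgement, with reasons."""
    report = []
    for terminal in discovered:
        why = whitelist.reasons(terminal["ip"], terminal["mac"])
        if why:
            report.append({**terminal, "reasons": why})
    return report


# Constructed sample data: whitelist entries and one discovery result.
WHITELIST = Whitelist(ips=["10.20.0.0/24"],
                      macs=["001a-2b3c-4d5e", "00:1A:2B:3C:4D:60"])
DISCOVERED = [
    {"ip": "10.20.0.15", "mac": "00:1A:2B:3C:4D:5E", "port": "acc-sw-11 GE0/0/3"},
    {"ip": "10.20.0.99", "mac": "00-1a-2b-3c-4d-5f", "port": "acc-sw-11 GE0/0/7"},
    {"ip": "192.168.50.4", "mac": "001a.2b3c.4d60", "port": "acc-sw-12 GE0/0/1"},
    {"ip": "10.20.0.20", "mac": "unknown", "port": "acc-sw-12 GE0/0/9"},
]

if __name__ == "__main__":
    for entry in unauthorized_terminals(DISCOVERED, WHITELIST):
        print(entry["ip"], entry["mac"], entry["port"], entry["reasons"])
```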
Unauthorized Access
eSight detects unauthorized terminal access based on the IP and MAC address whitelists
configured. With unauthorized access management, you can:
Remote Notification
You can configure eSight to send an email notification upon detecting unauthorized terminal
access.
• You can search for VLAN resources by criteria, such as VLAN ID and VLANIF
interface existence.
• You can create VLANs in batches and deliver created VLANs to selected devices.
• You can delete VLANs. If the ID of the VLAN is the PVID of a port, the PVID of this
port will be restored to 1 after the VLAN is deleted.
• You can search for VLAN devices by subnet, device type, device name, and device IP
address.
• You can configure port VLANs and deliver the configurations to selected ports.
• You can go to the device management page to manage the VLAN of a single device.
VLAN Topology
eSight offers a unified topology view of network-wide VLAN devices and links.
• You can check the device interface types and VLAN details about the two sides of a link,
and check VLAN packets that are allowed to pass on the link.
• You can search for devices and links by VLAN ID, and check devices and links that
allow the pass of a VLAN.
• You can directly add a device to or remove a device from a VLAN.
A template is used to configure the same services for multiple NEs in batches. A planning
table is used to configure similar services for multiple NEs in batches. You can receive task
execution results by email for periodical delivery tasks.
Configuration Task
You can uniformly manage all delivery tasks on the Configuration Task page. You can view
and delete tasks, and modify, enable, or disable periodic tasks. You can also view historical
task delivery records and modify commands to re-deliver failed tasks.
• Configuration file
You can back up and restore the running or startup configuration file of a specified
device, specify a configuration file as a baseline version, and change the FTP operation
types of selected devices (except non-Huawei devices). You can also view the running
and startup configuration files that have been backed up on eSight and export
configuration change reports in Excel format.
You can view configuration files that have been downloaded from eSight to a local
device.
You can compare, download, import, and delete configuration files. The file comparison
function allows you to compare configuration files backed up on the eSight server.
• Configuration change
After a configuration file is backed up, eSight automatically compares the differences
between backup and original configuration files to obtain configuration changes. You
can check the detailed configuration changes, including file addition, deletion, and
modification.
• Email notification
You can create a backup task execution result notification and a configuration file change
notification. You can select a recipient from existing users or user groups (set in System
> System Settings > Set Notified User > User Group) and set the email subject and
notification sending time for the configuration file change notification.
MIB Compiling
You can compile a MIB file and store the compiled file to a specified directory.
MIB Loading
You can upload, compile, load, unload, and delete MIB nodes, and create directories for MIB
nodes.
MIB Operation
After you enter device IP addresses in IP address text boxes, you can use the MIB tool to
perform Get/GetNext/Walk/TableView operations over SNMP-compliant devices. You can
click Stop to stop data acquisition.
l You can create upgrade tasks in three steps and check task summary information.
l You can continue to create upgrade tasks or go to the task management page to check
task execution information.
– You can create upgrade tasks in two steps and check task summary information.
– You can continue to create upgrade tasks or go to the signature database task
management page to check task execution information.
Provides the synchronization function to update devices' signature database versions and
status of scheduled upgrade tasks.
File Management
Manages software versions, patch files, license files, and signature database files.
Storage Settings
You can set the upper limit of the disk space occupied by all the files managed by the device
software management module.
l Network planning: Provides the network planning tool to import location pictures
including the regional background pictures, scale, obstacles, and pre-deployed APs to the
WLAN topology.
l Wizard-based batch service deployment: Delivers wireless service configurations to APs
in batches.
l Unified wireless resource management: Manages ACs, APs, wireless users, and regions.
l User fault diagnosis: Diagnoses user access network faults.
l Wireless network security check: Detects intrusion devices and non-Wi-Fi interference
sources and offers spectrum analysis.
l Visual management over the wireless network topology: Displays locations of APs by
area and coverage areas of the APs. After WLAN location is enabled, wireless terminals,
rogue devices, and interference sources are displayed in the topology.
Configuration Wizard
The WLAN Manager supports wizard-based service configuration. Based on AP planning
sheets, the WLAN Manager delivers and deploys AP services end to end, which improves the
deployment efficiency (approximately 90% compared to manual deployment). (Note: This
function applies to WLAN V2R6 and earlier versions only. The menu entry for this function
is hidden by default in eSight V3R3C10.)
Configuration Management
An AC controls and manages APs on WLAN. With AC management, you can connect an AP
to WLAN in any of the following modes: confirm AP identities, add an AP in offline mode,
and add an AP to the whitelist. (Note: This function applies to WLAN V2R6 and earlier
versions only.)
l Unauthorized AP
The Unauthorized AP page displays APs whose MAC addresses or SNs are not in the
whitelist. On this page, you can acknowledge unauthorized APs in batches to add them
to the whitelist. Then, APs in the whitelist are brought online.
l AP whitelist
Network administrators can add MAC addresses of APs or AP SNs to an AP whitelist to
allow the APs to go online normally.
l AP blacklist
Network administrators can add MAC addresses of APs to an AP blacklist, preventing
unauthorized APs from going online.
l User blacklist
Network administrators can add MAC addresses of wireless users to a user blacklist,
preventing unauthorized users from connecting to APs. Network administrators can also
blacklist unauthorized users and set the AP countermeasure mode to user blacklist. The
system performs countermeasure against devices from the user blacklist.
l SSID whitelist
Network administrators can configure SSID whitelists to detect unauthorized devices in
a more accurate and efficient manner. SSIDs that exist in surrounding environments but
have no impact on the wireless network quality are added to the whitelist and will not be
recognized as unauthorized devices.
The profile management function allows you to configure NE predefined profiles.
l AP profile
You can specify the maximum transmission unit of the AP Ethernet port and configure
log backup.
l Radio profile
The radio profile is used to specify parameters such as the radio type, rate, power, and
whether to occupy a channel during wireless transmission.
l ESS profile
The ESS profile is a set of service parameters, such as the SSID name, service VLAN,
ESS interface for data transmission, maximum number of access users, and WLAN user
access security management. After an ESS profile is bound to a specified radio on an AP,
the service parameters are applied to a virtual access point (VAP), a wireless service
functional entity.
l This function allows users to configure multiple ACs simultaneously and supports AP
group management and profile management in the Object Manager of each WLAN
device of V2R6 or a later version. You can create, delete, and modify AP groups, and
manage group members and profiles on ACs, as shown in the following figure.
The Region Object Manager provides the following information: physical resources over the
entire network or in each region, resource statistics, performance statistics, user statistics,
spectrum analysis, and Wireless Intrusion Detection System (WIDS).
l Physical resources
AC: AC status, name, type, IP address, AP authentication mode, forwarding type,
country code, subnets, total number of APs, number of online APs, and number of online
users
AP: AP status, name, alias, type, category, SN, MAC address, IP address,
countermeasure, radio's working mode, AC name, home region, location, WLAN
location, subnets, and number of online users
User: current access users and historical access users
SSID: SSID, AC name, ESS profile name, and Fat AP name
Region: region name, total number of APs, total number of online APs, and total number
of online clients
NOTE
When WLAN location is enabled, the number of WLAN location-enabled APs and their locations
in the region are displayed.
l Resource statistics
Network overview: includes online WLAN user statistics, Top N SSID user statistics,
and wireless resource statistics. For details.
l Performance statistics
Terminals associated with APs, AP physical resources, AP traffic, radio traffic, user
traffic, and real-time WIDS attacks
l Current access user
Number of current access users.
l User access history
Historical data about user access.
l Spectrum analysis
After the AP radio spectrum function is enabled on devices, users can view the signal
interference information around APs on eSight. Users can determine the channel quality
and surrounding interference sources on spectrum charts. Spectrum charts include real-
time FFT, depth, channel quality, channel quality trend, and device percentage charts.
l Security
eSight monitors and recognizes unauthorized devices, clients, interference sources, and
attacks based on user-defined rules, sends remote alarm notifications, and offers
protection measures.
1. Supports the statistics collection, display, and countermeasure of unauthorized
devices.
2. Supports the display, countermeasure, and suppression access protection of
unauthorized clients.
3. Supports the statistics collection and display of unauthorized Wi-Fi interference
sources.
4. Supports the statistics collection, display, and countermeasure of attacks.
5. Classifies unauthorized APs into rogue, suspected-rogue, adjacent, suspected-adjacent,
and interference APs. Supported rules include adjacent or same frequency interference,
signal strength, SSID (fuzzy or regular expression), number of detected APs, and attack.
l Object Manager
Uniformly displays WLAN service data and performance data by AC, AP, radio, and
terminal on the Object Manager.
Region Monitor
Region monitor is user-centric and integrates region-based user experience data.
l For a non-bottom-layer region, you can set a GIS map as the subnet background. In
addition, you can zoom in or out on the map, move the map, and set locations on the map.
l The bottom-layer region integrates the Location Topology function in earlier versions.
You can deploy APs in regions, view the hotspot coverage, and detect signal coverage
blind spots and conflicts promptly. If the license of WLAN location is applied and
WLAN location is enabled in a region, the locations of wireless users, unauthorized
devices, and non-Wi-Fi interference sources are refreshed in the topology at regular
intervals.
1. Displays the hotspot location and radio signal coverage in the location topology and marks
conflict regions.
2. Pre-deploys APs and displays the simulated radio coverage. After APs get online, eSight
switches between the APs and displays the actual radio coverage.
3. Map settings: Hides and displays nodes in regions by filter criteria. The filter criteria
include users, rogue APs, rogue Ad Hocs, rogue bridges, unauthorized clients, and
interference sources. If AP location licenses are available and WLAN location is enabled in a
region, the latest locations of unauthorized devices and interference sources are refreshed in
the topology.
4. Terminal display/Hot line/Hot map switching: Click Map setting, then the Terminal
Location tab, and select Show terminal. A dialog box is displayed, showing terminals to be
displayed. Select required terminals and click OK. Terminal information including the latest
terminal coordinates is displayed in the topology view.
Switching to hot line display: After you click Show hot line and select the date, hot lines are
displayed in the topology.
Switching to the hot map: After you select Show heat map, located terminals are displayed in
the hot map, showing the user density.
5. Coverage region division: O&M personnel can further divide a region in the topology into
multiple sub-regions to support fine-grained statistics collection, such as location-based user
traffic statistics. Currently, the coverage region division function applies to terminal location
only.
6. Displays the mesh network topology of devices and basic information about mesh links in
Region Monitor and monitors mesh link quality.
7. Displays the movements of end users in the Region Monitor. Right-click an end user and
select a preset time range or user-defined event range. The Region Monitor displays the user
movements within the selected time range.
Fault Diagnosis
1. WLAN user fault diagnosis: Diagnoses network quality for online users in terms of users,
SSIDs, APs, and ACs. If detecting any exception, the system displays potential problems and
gives suggestions for you to rectify the exception. (Note: This function applies to WLAN
2. With the basic fault diagnosis function as well as Syslogs and performance data, the
WLAN Manager provides diagnosis tools to help network administrators troubleshoot
problems such as network access failures, frequent disconnections, and weak signals during
WLAN O&M. (Note: This function applies to WLAN V2R6 and later versions only.)
eSight allows users who initiate diagnosis to view the connections among diagnosis
objects (including the connections between terminals and servers) as well as detailed
object information.
l Viewing diagnosis result
eSight classifies diagnosis results into the following types: terminal check, air interface
check, AP check, mesh check, AC check, and connectivity check. The AAA server
checks eight types of information and provides fault causes and rectification suggestions.
O&M personnel can rectify faults based on their own experience and the rectification
suggestions.
l Viewing associated information
eSight allows users to view associated information about terminals, air interfaces, APs,
ACs, DHCP, and AAA.
l AAA Test
To supplement fault diagnosis, AAA Test detects problems that occur during user
authentication.
l AC Ping
To supplement fault diagnosis, AC Ping detects connectivity between an AC and a
destination device (usually a server) by pinging the device from the AC.
l Trace
To supplement fault diagnosis, Trace collects and exports logs about APs and clients to
help determine the fault causes.
l Log Viewer
To supplement fault diagnosis, Log Viewer collects log statistics on diagnosis objects to
help analyze the stages during which faults are likely to occur and allows users to view
and export log details.
3. Offers related fault alarms about communications, environments, unauthorized devices, and
unauthorized Wi-Fi interference sources to help users locate and rectify faults.
4. Monitors WLAN network devices and resources to help users better understand the running
status of the network and devices.
Report Management
eSight provides predefined reports for AP uplink interface traffic, channel usage, online radio
users, online wireless users, Top N user access failures, and Top N user login counts, and
provides fast reports and predefined reports for AP association statistics, AP traffic statistics,
AP rate statistics, region-based user counts, and region-based average terminal dwell
durations.
By default, SLA Manager offers 24 services. You can also customize services to meet your
specific demands. SLA Manager offers the Dashboard to globally monitor SLA tasks and
allows you to quickly learn the quality of all or specific services on the live network. On the
SLA view page, you can establish a view that consists of multiple tasks, which helps you
compare task data. Quick diagnosis helps you quickly diagnose the links and carried services
between source and destination devices, facilitating network fault location.
Dashboard
The SLA dashboard globally monitors SLA tasks and displays the recent smart policy tasks,
SLA test instance counters, and minimum SLA compliance. You can add tasks to and delete
tasks from the dashboard and set the criteria to filter SLA tasks to be displayed on the
dashboard.
Quick Diagnosis
You can use this function to measure the SLA service quality without creating any task.
Historical Data
Historical service quality data such as the overall compliance and the data of a single counter
is displayed in graphs. You can click an SLA task name on the SLA task page to switch to the
historical data page of this task.
Historical data of multiple SLA tasks can be displayed on the same page.
You can switch from historical SLA data to historical NTA data and historical QoS interface
data.
SLA Reports
This module provides SLA service quality reports, SLA task counter reports, and Top N SLA
compliance reports.
Service Diagnosis
With service diagnosis, eSight measures network quality and displays collected data (such as
the delay, jitter, packet loss ratio, and DSCP value) by segment, helping you evaluate service
quality. eSight locates the network location where a quality problem occurs based on
statistical data, helping you rectify faults and ensuring service continuity.
l Template Management
eSight offers four default network service quality assessment templates with
performance counters such as the delay, jitter, and packet loss ratio. You can also
customize counters in the templates based on your site requirements.
1. Video diagnosis template, used to assess the network quality of video services
2. Voice diagnosis template, used to assess the network quality of voice services
3. Telepresence diagnosis template, used to assess the network quality of Telepresence
systems
4. Desktop cloud diagnosis template, used to assess the network quality of desktop cloud
systems
l Service Diagnosis
eSight diagnoses the network service quality and allows you to efficiently locate network
faults and assess network quality. Before performing service diagnosis, select the
corresponding template.
To perform Telepresence diagnosis, select a Telepresence diagnosis template.
Diagnosis results are displayed by segment. Each record in the table indicates network
condition between source and destination devices.
Device-level Measurement
iPCA-capable devices are deployed on the enterprise campus network. iPCA can be
performed on these devices and Layer 2 direct links between the devices. eSight provides a
network topology to show whether unicast IP packets are lost in this area in real time. If
packet loss occurs, eSight can show the device where packets are lost, the packet loss ratio,
and the number of lost packets. eSight provides the following iPCA functions:
1. Displays the latest packet loss measurement result of the devices and links in the
topology view.
2. Reports an alarm when the device or link packet loss measurement result exceeds the
preset threshold.
Network-level Measurement
The branch networks of an enterprise are connected through a carrier's network. The egress
device of each branch functions as a CE to connect to the carrier's network. The enterprise
needs to evaluate service quality on the carrier's network. When service quality degrades, the
enterprise network administrator needs to check whether the problem is caused by the carrier's
network. iPCA network-level monitoring is deployed on the egress devices of the campus
network to monitor service quality of the carrier's network.
2. The administrator needs to check the terminals. If packet loss occurs between the
Telepresence server and terminal, check which node or link has lost the packets.
3. Check the packet loss measurement results of devices on the service forwarding path to
quickly locate the faulty node.
Dashboard
The QoS dashboard displays the Top N tasks with the highest QoS performance counters,
which helps you find regions with excessively high traffic.
QoS Configuration
You can view QoS configuration of the devices.
Historical Data
Historical QoS traffic data shows the change of QoS traffic, helping O&M personnel obtain
historical data information.
Configuration Management
eSight NTA allows you to configure devices, interfaces, protocols, applications, alarms, host
name resolution, DSCPs, IP groups, application groups, interface groups, and DSCP groups.
l Configuration navigation
When you are using eSight for the first time, follow the configuration navigation on the
GUI to complete traffic monitoring settings step by step.
l Collector configuration
You can view the IP address and status of the current collector and set the Top N count
for interface session collection (Top30 by default). After the traffic forensics function is
enabled, the original flow files of the collector are uploaded to the analyzer.
l Device configuration
eSight displays all devices that report traffic. You can monitor specific devices.
l Interface configuration
eSight displays the device interfaces which send NetStream packets to the analyzer. You
can set the incoming traffic rate, outgoing traffic rate, and sampling ratio on interfaces to
ensure that eSight NTA can correctly collect traffic data. The sampling ratios on eSight
must be the same as those on devices. After the Telnet login user name and password are
configured for Huawei devices, eSight can synchronize sampling ratios from device
interfaces.
l AP configuration
eSight displays the device interfaces which send NetStream packets to the analyzer. You
can set the sampling ratio to ensure that eSight NTA can correctly collect traffic data.
The sampling ratios on eSight must be the same as those on devices.
l Protocol configuration
You can monitor specific protocols as needed.
l Network application
eSight lists 543 frequently-used network applications and classifies them into pre-
defined applications and user-defined applications. You can define important
applications.
– Pre-defined application: preset applications and applications identified and reported
by devices
– User-defined application: network application that is added by users and can be
defined based on the protocol (UDP/TCP), port range, and IP address range
l DSCP configuration
eSight lists 64 frequently-used DSCPs and allows you to rename them.
l IP group configuration
Groups IP addresses that have certain common attributes, which helps users to view
traffic information about IP address groups.
l Application group configuration
You can classify applications into an application group as required to view traffic
information about a specified application group, such as the email group.
l DSCP group configuration
You can classify associated service types into a DSCP group to view traffic information
about a specified DSCP group, such as the voice group.
l Interface group configuration
You can add related interfaces to an interface group to view traffic information about a
specified interface group.
l Alarm configuration
You can specify the thresholds for triggering alarms for certain applications, hosts, and
DSCP rates and the conditions for clearing the alarms.
l Host name resolution configuration
You can specify whether to enable DNS and NetBIOS resolution to resolve IP addresses
into DNS domain names or NetBIOS host names. After DNS and NetBIOS resolution is
enabled, eSight can display traffic by host name.
l Carrier configuration
In a cloud DC, users can configure the EIP range and bandwidth for carriers.
Traffic Dashboard
NTA provides traffic dashboards that display real-time traffic across the entire network.
l The dashboard offers rankings about the interface traffic, interface utilization, device
traffic, application traffic, host traffic, DSCP traffic, and session traffic.
l You can customize the display format and content. The following operations are
available: links, maximize, and minimize.
Traffic Analysis
eSight NTA can analyze traffic on enterprise WAN egress links and wireless campus networks
from multiple dimensions.
1. Traffic analysis on enterprise WAN egress links
eSight NTA offers drill-down network traffic analysis capabilities. You can view more details
about traffic step by step. eSight NTA can analyze detailed traffic information on egress
devices, link interfaces, applications, DSCPs, hosts, sessions, interface groups, IP groups, and
application groups.
You can obtain traffic distribution on WAN links and view traffic information on link
interfaces.
eSight can work with Huawei devices to analyze bandwidth usage of dynamic applications,
such as BT, eMule, and other P2P applications.
The drill-down function enables you to set filter criteria to view session details.
eSight works with Huawei WLAN devices AC6005, AC6605, or ACU2 to display the
application traffic distribution on a wireless enterprise campus network. You can select a
region or SSID to view application traffic in the region. You can also click an AC or AP to
view application traffic of an AC or AP.
In a cloud DC, eSight works with IAM, VPC, and RMS systems to provide traffic analysis by
EIP, rate limit group, customer, and carrier, keeping users abreast of DC traffic distribution.
eSight collects statistical data about EIPs, customers, and rate limit groups with top traffic
occupations, helping users rapidly detect public IP addresses that cause network congestion.
The preceding figure shows the traffic trends. Users can check DC traffic components by
application and session.
l Supports multiple modes of displaying the traffic data: pie, table, line chart, and region
chart.
l Supports multiple summary types: application summary, session summary, DSCP
summary, host summary, and interface summary.
l Supports multiple filtering conditions: by source address, by destination address, by
application, and by DSCP.
l The report system can generate instant reports and periodical reports.
– Instant report
Users need to manually run an immediate report task. Once an immediate task is
executed, a report reflecting the statistics at that time is generated. After the task is
performed successfully, the status is displayed on the page. The report contains
detailed traffic statistics and figures.
– Periodical report
After eSight performs a task at an interval specified by the user, traffic statistics of a
specified period are displayed.
l You can export a single report or batch reports.
l eSight can send reports by email.
Traffic Forensics
When detecting abnormal traffic on the network, the system allows you to obtain original
traffic data which helps you locate the network fault.
The system displays traffic forensics results by seven key fields. For example, you can check
whether viruses exist by comparing protocols, ports, and packet rates, and check whether
protocol attack threats exist by TCP flags.
Traffic Alarm
You can create threshold alarms for eight traffic types, such as application, server, and
session. When the traffic has reached the threshold a specified number of times within a
specified time segment, an alarm is automatically generated. When the traffic meets alarm
clearance conditions within a specified time segment, the alarm is automatically cleared.
eSight can notify users of alarm generation or clearance by email.
You can create, copy to create, delete, enable, and disable threshold alarms on the traffic
threshold alarm configuration page. You can choose the objects to be monitored, and set the
alarm severity, threshold, and repetition times based on the historical traffic data.
You can check traffic alarms on the current alarm page, and switch to the traffic analysis page
to view traffic details within the time segment.
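The alarm behaviour described above (threshold reached a set number of times within a time segment, then cleared once a clearance condition holds for a time segment) can be modelled as a small state machine. The following is an added example, not eSight code; the class, parameter names, the "rate stays below a lower value" clearance rule, and the sample data are all assumptions chosen for illustration.

```python
"""Threshold alarm with a repetition count and a clearance condition.

Added illustration only, not eSight code. All names and the sample
data are assumptions made for this example.
"""
from collections import deque

# Constructed samples: (timestamp in seconds, rate in Mbit/s) for one
# monitored object, for instance an application group.
SAMPLES = [
    (0, 40), (60, 85), (120, 60), (180, 90), (240, 95),
    (300, 70), (360, 45), (420, 40), (480, 30), (540, 85),
]


class ThresholdAlarm:
    """Raise after `repetitions` breaches inside `window_s` seconds.

    Clear once the rate has stayed below `clear_below` for at least
    `clear_window_s` seconds (assumed clearance condition).
    """

    def __init__(self, threshold, repetitions, window_s,
                 clear_below, clear_window_s, severity="major"):
        if clear_below > threshold:
            raise ValueError("clear_below must not exceed threshold")
        if repetitions < 1:
            raise ValueError("repetitions must be at least 1")
        self.threshold = threshold
        self.repetitions = repetitions
        self.window_s = window_s
        self.clear_below = clear_below
        self.clear_window_s = clear_window_s
        self.severity = severity
        self.active = False
        self._breaches = deque()      # timestamps of samples >= threshold
        self._last_not_clear = None   # latest sample time with rate >= clear_below

    def feed(self, ts, rate):
        """Consume one sample; return 'raised', 'cleared' or None."""
        if rate >= self.clear_below:
            self._last_not_clear = ts
        if rate >= self.threshold:
            self._breaches.append(ts)
        # Forget breaches that fell out of the generation window.
        while self._breaches and ts - self._breaches[0] >= self.window_s:
            self._breaches.popleft()

        if not self.active:
            if len(self._breaches) >= self.repetitions:
                self.active = True
                return "raised"
            return None

        # Alarm is active: clear only after a quiet period of the
        # required length, so a single low sample does not clear it.
        if ts - self._last_not_clear >= self.clear_window_s:
            self.active = False
            self._breaches.clear()
            return "cleared"
        return None


def evaluate(samples, alarm):
    """Run samples through the alarm and return [(timestamp, event), ...]."""
    events = []
    for ts, rate in samples:
        event = alarm.feed(ts, rate)
        if event:
            events.append((ts, event))
    return events


if __name__ == "__main__":
    demo = ThresholdAlarm(threshold=80, repetitions=3, window_s=300,
                          clear_below=50, clear_window_s=180)
    for ts, event in evaluate(SAMPLES, demo):
        print(f"t={ts}s alarm {event} (severity={demo.severity})")
```

The repetition count keeps an isolated spike from raising an alarm, and the separate, lower clearance value keeps the alarm from flapping while the rate hovers near the threshold.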
After host name resolution is configured, eSight displays traffic by host name, as shown in the
following figure.
Overview
The IPSec VPN overview provides you visibility into overall IPSec VPN services, including
the number of IPSec tunnels, received and sent packet rates, traffic rates, and packet loss
ratios of an IPSec tunnel or all IPSec tunnels, number of remote access users in an IPSec
tunnel, and service alarm list. Figure 2-87 shows the overview information.
Discovering Services
Huawei eSight automatically discovers IPSec VPN services of some or all devices on the
Hub-Spoke and Site-to-Site networks. Figure 2-88 shows service discovery on eSight.
On the service list, you can rename the services and service group; search for, delete, and
move services and perform quick diagnosis; display global parameters; monitor performance
in real time; view tunnel information; and view topology and alarm details by clicking
topology and alarm links.
You can move the selected services to another service group. Figure 2-92 shows
movement of a service from one group to another.
l Viewing topology
In a service list, you can click the topology link of a service to view the IPSec VPN
topology.
l Viewing alarms
If the alarm status of a service is abnormal, you can click the alarm link to view the
alarm information about devices at both tunnel ends.
Service Topology
The service topology provides you visibility into IPSec VPN services. The display of an
IPSec VPN service topology supports the following scenarios:
Monitoring Alarms
The alarm status in a service or service group list shows the generation and rectification of a
service fault. The service link in the topology displays the alarms of different severities in
different colors. After identifying a service fault, you can access the alarm list to view detailed
alarm information and locate the fault.
Monitoring Performance
The global and IPSec VPN performance monitoring functions provide you visibility into
traffic of network devices and services, including the packet rate, traffic rate, packet loss ratio,
number of tunnels, and number of remote access users. Figure 2-97 shows real-time
performance monitoring.
l Wizard-based batch service deployment: Deploys VRF, interface, and routing data for
PEs and CEs in batches.
l Convenient and quick automatic discovery: Automatically discovers deployed VPN
services without specifying device roles.
l Visualized service topology: Visually displays the logical architecture of PE-PE and PE-
CE services, and shows service alarms in real time.
l Multi-dimensional service monitoring: Monitors the running status of monitoring
services in terms of the alarm, performance, and service link SLA.
l One-click fault diagnosis: Diagnoses VPN service faults by segment and layer, using
diverse approaches.
Service Deployment
eSight offers graphical, wizard-based, and end-to-end service deployment capabilities and
helps you easily and quickly deploy new VPN services, add VPN access points, and adjust
existing VPN services, improving service maintenance efficiency. eSight allows you to deploy
services in the Full-mesh, Hub-Spoke, MCE, and customized networking types, and deploy
OSPF, ISIS, static, and EBGP routing protocols between PEs and CEs. Figure 2-101 and
Figure 2-102 show the pages for MPLS VPN service deployment and performing detailed
configurations.
Automatic Discovery
eSight discovers MPLS VPN services automatically in the following network schemes: Full-
Mesh, Hub-Spoke, Multi-VPN-Instance CE (MCE), HoVPN, inter-AS Option A, and inter-
AS Option B. You do not need to specify the PE and CE devices for automatic discovery.
eSight can automatically identify device roles based on the service configuration and discover
service logic between PEs and between a PE and a CE. Figure 2-103 shows the page for
discovering MPLS VPNs automatically.
Quick Diagnosis
eSight offers one-click fault diagnosis to diagnose faults by segment (PE-PE, PE-CE, CE-CE,
and PE-remote CE) and layer (L3 routing and MPLS forwarding layer) using multiple
approaches (ping, trace, and routing collection). Figure 2-105 shows the MPLS VPN quick
diagnosis page.
Service Report
eSight offers statistical reports on interface traffic, VRF traffic, and VRF routing. Interface
traffic reports allow you to learn about the historical interface data about each VPN service.
VRF traffic reports allow you to learn about the distribution of VPN traffic on each PE. VRF
routing reports allow you to learn about the routing change information about CE access of a
VPN service. In terms of traffic and routing, the preceding three reports offer reference data
for operations such as capacity expansion. Figure 2-106 shows the
MPLS VPN service report page.
Automatic Discovery
eSight automatically discovers MPLS tunnels on the network, including MPLS TE and LDP
tunnels, as shown in Figure 2-107.
Tunnel Monitoring
eSight supports active-standby and bypass protection for MPLS TE dynamic tunnels and
monitors Static-CR signaling-based static tunnels. The following tunnel information is
monitored: tunnel backup status, running status, and tunnel alarms.
eSight supports interaction between MPLS tunnels and L3VPN services and allows you to
check VPN services carried on MPLS TE tunnels.
Tunnel Topology
eSight monitors MPLS tunnel status, link status, and node status through tunnel topology and
allows you to view MPLS information of devices, as shown in Figure 2-108.
l MPLS capabilities of MPLS TE tunnels and interfaces, DS-TE information, and link
bandwidth.
l MPLS capabilities of MPLS LDP virtual tunnels and interfaces.
Quick Diagnosis
eSight provides the MPLS tunnel diagnosis function. eSight can diagnose route-based
forwarding, label forwarding, and tunnel configuration at tunnel nodes. If a fault occurs,
eSight can diagnose and locate tunnel faults and provide detailed diagnosis results, as shown
in Figure 2-109.
Secure Center effectively manages security policies on a large number of Huawei firewalls.
Major functions are as follows:
1. Basic configuration
– You need to complete some operations and configure public resources before eSight
can manage policies. You may use the public resources when you configure security
policies. The basic configuration includes authorization management, device group
management, virtual device management, public objects, and security profiles.
– The public objects and security profiles can be used in NGFW policy management.
Firewall policy management has its own public objects.
– Device groups can be used in the management of firewalls and NGFWs.
2. Device global configuration
– Device global configuration is used to filter files and junk emails. It is mainly
configured for NGFW firewalls.
3. Security policy analysis
– Supports redundancy, risk, hit, and comprehensive analysis on security policies for
firewalls.
– Supports redundancy, risk, hit, and comprehensive analysis on security policies for
NGFWs.
4. Firewall security policy management
– Supports batch configuration and deployment of firewall security policies.
– Supports centralized configuration of public objects, such as address sets, time
ranges, and services.
– Supports virtual firewall management and virtual firewall-based security policy
configuration.
5. NGFW policy management
Basic configuration
• Supports policy authorization and management for security devices. You can view the
devices that the Secure Center is authorized to manage through licenses.
• Anti-Spam
• Hit analysis
Secure Center can read the device policy hit data to analyze policy hit conditions for a
maximum of 20 devices each time. The policy hit analysis result is displayed based on
interzones in terms of the hit counts and details about public objects configured for the
policies.
The policy hit analysis can be displayed in either of the following modes: PDF file and web
page. The web page mode provides more interactive functions. You can query the policy hit
condition of a specific device.
• Risk analysis
Secure Center can check whether the security policies configured on eSight are risky. If
you synchronize data before executing the risk analysis task, Secure Center can analyze
the risks of security policies configured on the firewalls. Using a risk analysis algorithm
and based on the specified risk analysis rules, Secure Center calculates the number of
policies with high, medium, or low risks. In addition to default system-defined risk rules,
you can create user-defined risk rules. Secure Center can analyze the policy risks of up to
20 devices each time. The analysis result is displayed using a grouping histogram to
show top 5 devices and the number of high-risk, medium-risk, and low-risk policies. It
can also display the number of high-risk, medium-risk, and low-risk policies of all
selected devices in tables.
• Comprehensive analysis
Secure Center can comprehensively analyze firewall security policies. Based on the
comprehensive analysis result (number of redundant policies, risky policies, and
unmatched policies), Secure Center uses a health degree algorithm to provide a score for
policies on each firewall, helping the administrator understand the overall O&M
condition of firewall policies.
The comprehensive analysis task can be executed manually or periodically. The analysis
result is displayed as lists and pie charts. You can obtain the device policy overview and
historical curve of device's health degree and export the analysis result to a PDF report.
• Policy query
You can query policy deployment status and policy context (interzone policy priorities) on the
Security Policy page. Policies on the top are matched first.
• Policy deployment
Secure Center supports centralized and batch policy deployment. After centralized policy
configuration is complete, you can select physical or virtual firewalls and click Deploy to
deliver security policies in batches, reducing O&M workload and operation costs.
• Policy discovery
Secure Center supports centralized and batch policy discovery. You can synchronize policies
configured on managed devices to eSight.
• Policy removal
Secure Center supports centralized and batch policy removal. When the network is
reconstructed or migrated, you can remove unneeded policies with one click to secure
enterprise information.
• Policy query
You can query policy deployment status and policy context (interzone policy priorities) on the
Security Policy page. Policies on the top are matched first. You can query policy group
information, including the deployment status and whether the policy group is enabled.
• Policy deployment
Secure Center supports centralized and batch policy deployment. After centralized policy
configuration is complete, you can select physical or virtual firewalls and click Deploy to
deliver security policies and security policy groups in batches, reducing O&M workload and
operation costs.
• Bandwidth Management
• ASPF configuration
ASPF filters the application-layer packets. That is, it is a stateful packet filtering method.
After ASPF is enabled, the NGFW can identify multi-channel protocols and provide
security policies accordingly.
• Policy deployment
Secure Center supports centralized and batch policy deployment. After centralized policy
configuration is complete, you can select physical firewalls and click Deploy to deliver
security policies and security policy groups in batches, reducing O&M workload and
operation costs.
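The redundancy, risk, and hit analyses that Secure Center runs over security policies, together with the top-first matching order noted above, can be illustrated with a small offline analyzer. This is an added example, not eSight code: the policy model, the sample policies, and the three risk rules are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_network

ANY = "0.0.0.0/0"


@dataclass(frozen=True)
class Policy:
    name: str
    src: str      # source CIDR
    dst: str      # destination CIDR
    service: str  # e.g. "tcp/443", or "any"
    action: str   # "permit" or "deny"
    hits: int     # hit counter as read from the device


# Constructed sample policy list for one interzone, in match order (top first).
POLICIES = [
    Policy("allow-web",      ANY,            "10.1.1.0/24",  "tcp/443",  "permit", 1200),
    Policy("allow-web-host", "192.0.2.0/24", "10.1.1.10/32", "tcp/443",  "permit", 0),
    Policy("deny-db",        "10.2.0.0/16",  "10.3.0.5/32",  "tcp/1521", "deny",   40),
    Policy("allow-db-admin", "10.2.5.0/24",  "10.3.0.5/32",  "tcp/1521", "permit", 0),
    Policy("allow-mgmt",     "10.9.0.0/24",  "10.0.0.0/8",   "any",      "permit", 3),
    Policy("temp-any",       ANY,            ANY,            "any",      "permit", 0),
]

# Hypothetical user-defined risk rules, checked in order; the first match wins.
RISK_RULES = [
    ("high",   lambda p: p.action == "permit" and p.src == ANY
                         and p.dst == ANY and p.service == "any"),
    ("medium", lambda p: p.action == "permit" and p.service == "any"),
    ("low",    lambda p: p.action == "permit" and p.src == ANY),
]


def covers(a, b):
    """True if every packet that matches policy b also matches policy a."""
    return (ip_network(b.src).subnet_of(ip_network(a.src))
            and ip_network(b.dst).subnet_of(ip_network(a.dst))
            and (a.service == "any" or a.service == b.service))


def find_redundant(policies):
    """Policies that can never match because an earlier policy covers them.

    Returns (policy, covering policy, kind) tuples. kind is "redundant" when
    both policies have the same action and "conflict" when the earlier policy
    overrides a different action. Only single-policy coverage is checked; a
    policy hidden by the union of several earlier policies is not detected.
    """
    findings = []
    for i, later in enumerate(policies):
        for earlier in policies[:i]:
            if covers(earlier, later):
                kind = "redundant" if earlier.action == later.action else "conflict"
                findings.append((later.name, earlier.name, kind))
                break
    return findings


def risk_level(policy):
    """Risk level of one policy under RISK_RULES, or None if no rule matches."""
    for level, rule in RISK_RULES:
        if rule(policy):
            return level
    return None


def risk_summary(policies):
    """Number of high-, medium- and low-risk policies."""
    counts = {"high": 0, "medium": 0, "low": 0}
    for p in policies:
        level = risk_level(p)
        if level:
            counts[level] += 1
    return counts


def unmatched(policies):
    """Policies whose hit counter is still zero."""
    return [p.name for p in policies if p.hits == 0]


if __name__ == "__main__":
    for name, by, kind in find_redundant(POLICIES):
        print(f"{name}: {kind}, covered by {by}")
    print("risk:", risk_summary(POLICIES))
    print("unmatched:", unmatched(POLICIES))
```

A policy that is both covered by an earlier one and has a zero hit counter, such as `allow-db-admin` here, is the usual first candidate for review before removal.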
eSight LogCenter offers comprehensive log analysis and audit functions for Huawei
security products.
LogCenter implements unified log management and provides multiple log collection methods
to collect Syslogs, session logs, SFTP logs, FTP static files, and FTP dynamic files. After logs
are collected from application systems and NEs, eSight LogCenter can classify, filter,
consolidate, analyze, store, and monitor the logs. These functions enable administrators to
manage massive logs in a more efficient manner to obtain the running conditions of network
and security devices, learn Internet user behavior, and quickly identify and eliminate security
threats.
In addition to unified log management, eSight LogCenter generates alarms in real time when
detecting exceptions from logs.
NAT-based Traceability
eSight LogCenter provides Network Address Translation (NAT)-based traceability of Internet
user behavior. When tracing Internet user behavior, eSight LogCenter collects session logs
from network and security devices such as MA5200G, NE40E/80E, and USG firewalls. Then
eSight LogCenter analyzes the logs in combination with user data sources (such as the AAA
server) to obtain NAT information. NAT information includes the destination IP address,
destination port, source IP address, and protocol.
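The correlation described above, as an added example rather than LogCenter code: NAT session logs are joined with AAA accounting records to attribute an observed public address and port to a user at a given time. The key=value log layout, the field names, and the sample records are constructed assumptions.

```python
from datetime import datetime

# Constructed sample data (not a Huawei log format): NAT session logs as a
# firewall or BRAS might export them, followed by AAA accounting records.
SESSION_LOGS = """\
start=2016-05-30T09:00:05 end=2016-05-30T09:02:10 proto=tcp src=10.0.0.21:51512 nat=203.0.113.5:40001 dst=198.51.100.7:443
start=2016-05-30T09:01:00 end=2016-05-30T09:01:30 proto=udp src=10.0.0.34:5353 nat=203.0.113.5:40001 dst=198.51.100.53:53
start=2016-05-30T10:15:00 end=2016-05-30T10:20:00 proto=tcp src=10.0.0.34:49200 nat=203.0.113.5:40001 dst=198.51.100.7:443
start=2016-05-30T10:00:00 end=2016-05-30T10:05:00 proto=tcp src=10.0.0.21:50000 nat=203.0.113.6:41000 dst=198.51.100.7:443
malformed line without fields
"""

AAA_RECORDS = """\
user=alice ip=10.0.0.21 login=2016-05-30T08:30:00 logout=2016-05-30T09:30:00
user=bob ip=10.0.0.34 login=2016-05-30T08:45:00 logout=2016-05-30T12:00:00
user=carol ip=10.0.0.21 login=2016-05-30T09:45:00 logout=2016-05-30T11:00:00
"""


def parse_records(text, required):
    """Parse key=value lines and drop lines that lack any required key."""
    records = []
    for line in text.splitlines():
        fields = dict(tok.split("=", 1) for tok in line.split() if "=" in tok)
        if all(key in fields for key in required):
            records.append(fields)
    return records


def _endpoint(value):
    """Split 'ip:port' into (ip, int(port))."""
    ip, port = value.rsplit(":", 1)
    return ip, int(port)


def load_sessions(text=SESSION_LOGS):
    """NAT sessions with parsed timestamps and (ip, port) endpoints."""
    sessions = []
    for f in parse_records(text, ("start", "end", "proto", "src", "nat", "dst")):
        sessions.append({
            "start": datetime.fromisoformat(f["start"]),
            "end": datetime.fromisoformat(f["end"]),
            "proto": f["proto"],
            "src": _endpoint(f["src"]),   # private source address
            "nat": _endpoint(f["nat"]),   # translated public address
            "dst": _endpoint(f["dst"]),
        })
    return sessions


def load_aaa(text=AAA_RECORDS):
    """AAA accounting records: which user held which private IP, and when."""
    return [{"user": f["user"], "ip": f["ip"],
             "login": datetime.fromisoformat(f["login"]),
             "logout": datetime.fromisoformat(f["logout"])}
            for f in parse_records(text, ("user", "ip", "login", "logout"))]


def trace(nat_ip, nat_port, proto, dst_ip, dst_port, when, sessions=None, aaa=None):
    """Attribute a public ip:port seen at time `when` to a user.

    Returns None when no session, or more than one, matches; a public port is
    reused over time and a private IP is reassigned between users, so both
    joins are bounded by the record's time window.
    """
    sessions = load_sessions() if sessions is None else sessions
    aaa = load_aaa() if aaa is None else aaa
    t = datetime.fromisoformat(when)
    hits = [s for s in sessions
            if s["nat"] == (nat_ip, nat_port) and s["proto"] == proto
            and s["dst"] == (dst_ip, dst_port) and s["start"] <= t <= s["end"]]
    if len(hits) != 1:
        return None
    private_ip, private_port = hits[0]["src"]
    owners = [a for a in aaa
              if a["ip"] == private_ip and a["login"] <= t <= a["logout"]]
    if len(owners) != 1:
        return None
    return {"user": owners[0]["user"], "private_ip": private_ip,
            "private_port": private_port}


if __name__ == "__main__":
    print(trace("203.0.113.5", 40001, "tcp", "198.51.100.7", 443, "2016-05-30T09:01:10"))
    print(trace("203.0.113.5", 40001, "tcp", "198.51.100.7", 443, "2016-05-30T10:16:00"))
```

The same public address and port resolve to different users at 09:01 and 10:16, which is why the timestamp of the observed connection has to be part of every trace request.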
Administrators can manage the SVF capabilities of agile switches and CE switches to
implement device monitoring, user management, and service deployment on SVF networks.
An SVF network is displayed as one device in the topology and panel, which facilitates
centralized management of device running information and alarms on the entire network. The
information includes the running status of parent and client devices and connection status of
links between SVF members.
Configuration Management
• Template Management
Administrators can create, modify, and delete SVF service templates.
• Service Configuration
eSight provides three configuration matrixes to guide users in quickly deploying SVF services:
the SVF system configuration matrix, the SVF port configuration matrix, and the SVF
maintenance and configuration matrix.
2.15.22.1 Device 3D
The device 3D app allows you to download and install the apps of the specified device types
to view description and 3D appearance of devices, facilitating material promotion to mobile
terminals.
Currently, the device 3D app supports 44 types of devices, including switch, router, firewall,
and server.
Adding to Favorites
If you are interested in materials of a specified device type, you can add the materials to
Favorites. When you open the app the next time, you can directly view materials in
Favorites.
• You can view detailed information about a region, including user experience counters in
this region and basic information about its lower-layer regions.
• You can view information about root cause counters associated with user experience
counters.
The 360-degree WLAN monitoring app monitors wireless network quality from the
perspective of client, AP, and AC.
• Displays details about ACs, APs, and clients to obtain the current counter values and
suggestions.
• You can customize homepage picture details for the monitoring center.
map location information with deployment files. Hardware installation personnel log in to the
app to download location information and general configurations from eSight. Hardware
commissioning personnel scan device ESNs and upload location information and scanning
results to eSight to form the mappings between ESNs and deployment files.
The zero touch provisioning app allows you to view planned deployment tasks by the device
or task.
Click the device ID and the scanning icon next to Remarks on the device details page to
switch to the scanning page. On this page, you can scan a QR code or bar code.
After scanning is complete, click Upload at the bottom of the device or task list to upload
information to eSight.
Click Download at the bottom of the device or task list to download deployment data to the
app.
2.15.22.7 SDK
eSight Mobile releases the open SDK to allow enterprises or third parties to develop their own
applications based on service needs, building a win-win ecosystem.
2.15.22.8 iPCA
eSight Mobile releases the iPCA application to provide the iPCA capability on mobile
terminals. The application enables users to create, manage, and view iPCA tasks and perform
hop-by-hop network quality measurement on terminals.
eSight Mobile supports hop-by-hop diagnosis and displays data in real time.
Users can select the source and destination nodes to create a task.
Overview
eSight displays PON-related overview in graphics. The current version displays ONU status
statistics in a pie chart.
ONU Topology
Users can click the PON port of the OLT to display connection relationships under the PON
port. This feature intuitively displays OLT ports and ONU status (online, offline, and alarm)
to users.
PON Portal
eSight allows users to customize the PON service portal and intuitively displays performance
indicators for users to learn about the running status of PON services. Indicators include:
TopN OLT Ethernet port receive/transmit bandwidth usage, TopN OLT Ethernet port receive/
transmit packet loss, total number of OLTs and resource status quantity, total number of
ONUs and resource status quantity, and TopN LOFI alarms.
Signaling Tracing
Signaling tracing is used to trace and monitor the protocol messages, connection of port
signaling links, and service flows dynamically and in real time. With signaling tracing, users
can know the signaling cooperation, facilitating fault location.
Trunk Tracing
With trunk tracing, users can learn about trunk information in real time.
Automatic NE Connection
With this function, eSight automatically creates NE connections in the topology.
• File storage: Shows logical mappings among front-end ports of NAS engines, NAS
engine nodes, file storage pools, data disks, and LUNs and disks of storage units.
• File storage: capacity usage management of storage devices, file storage pools, data
disks, and unshared file systems
• Host path view: Monitors physical storage paths and displays complete paths among
hosts, host disks, HBA ports, switches (ports), front-end disk array ports, disk array
controllers, disk arrays, and volumes (LUNs).
In the global and user-defined topology, you can click an NE or link (available to the
global topology only) to view the historical and real-time performance indicator trend
chart of the NE or link, facilitating fault location and data analysis.
When the customized devices take effect, add the devices to the NMS by automatic discovery,
singly, or in batches.
Capacity summary shows the used capacity and allocated capacity of hosts' databases and file
systems. Capacity trend forecast provides the capacity usage trend for the next month.
Web Mode
In the web mode, users can create storage pools, LUNs, and host mappings.
To configure resources for devices with different specifications and requirements, users can
use the templates to create multiple resource configuration tasks, performing batch resource
configuration.
• Overview
– Displays basic server information and health status.
• Component information
– Displays basic component information and health status.
– The device view visually displays server rack graphs and displays basic server
information and health status.
Alarm Monitoring
eSight centrally manages alarms for all the managed devices, supports alarm reporting,
queries, and notification processing, and processes component insertion and removal events as
alarms.
Performance Analysis
eSight analyzes the following performance counters: server power consumption.
When the customized servers take effect, add the servers to the NMS by automatic discovery,
singly, or in batches.
Quick Start
Stateless computing provides a quick start, guiding users to define server configurations step
by step and configure a logical server. When the configuration is complete, the configuration
can be loaded into specific servers for activation.
Pool Configuration
A pool defines the network adapter, HBA card, and UUID ID information to dynamically manage
IDs.
Adapter
The adapter is used to define HBA, CNA, and RAID configurations. Creating a profile
requires an adapter to define adapter information on a logical server.
BIOS Policy
Users need to define BIOS policies. Creating a profile requires a BIOS policy to define BIOS
configuration on a logical server.
Device Set
A device set is used to manage stateless computing devices by category. Users can use a
device set to associate and activate devices and profile files. After activation, hardware
configurations in the profile will apply to devices.
Device Group
This function allows users to manage devices by group. Devices within a group share a profile
to load server configurations in batches.
Configuration Template
The configuration template is used to create and manage deployment-related templates. A
configuration template is used to quickly create configuration files.
Cluster Management
• Displays basic cluster information in a list, and displays details on the details page.
• Displays basic information and details about a virtual server within a cluster.
• Displays statistics about the capacity of a selected cluster, as well as the status of virtual
servers and VMs within a cluster.
VM Management
• Displays basic VM information in a list, and displays details on the details page.
• Provides a VM hyperlink for users to check VM details on the NE manager.
• Quickly searches for VMs by criteria.
• Provides mapping topologies between virtual components (VM disk and network
adapter) and physical resources (storage devices and servers), and updates component
status and performance data in real time.
• Provides connection topology management over virtual servers and storage devices
related to VMs, presenting the traffic path for data flows of VM services via the data
center egress.
• Supports global search and quickly locates resource instances, including clusters, virtual
servers, and VMs.
• Performs particular monitoring over specific VMs. Users can quickly locate clusters,
virtual servers, and VMs with top N CPU usage, memory usage, and hard disk loading,
facilitating resource monitoring and fault locating.
Type Application
Linux
Solaris
FreeBSD
OpenBSD
IBM AIX
IBM AS400
SCO Unixware
SCO OpenServer
Database DB2
Informix
MySQL
Oracle
SQLServer
Sybase
DM database
Middleware IBM MQ
MS MQ
Microsoft SharePoint
Weblogic Integration
Jboss
Tomcat
Microsoft .NET
Resin
Weblogic
WebSphere
Microsoft IIS
Network service
Web page
LDAP
DNS
FTP
Application Monitoring
• Provides application resource overview to present the health status and key indicators of
a variety of application resources. Users can customize information to display, and
configure the automatic refresh period of monitoring information.
• Provides the application resource details view to aggregate and present application
resource details and monitoring data.
Business View
eSight can manage application resources as services in topologies. In topologies, you can
clearly view the relationships between application resources, such as servers, middleware, and
databases. You can also view alarm status of IT resources and perform common maintenance
operations, for example, viewing alarm and application information.
• Topologies can intuitively show mapping between resources and services to achieve
quick and accurate fault location.
• eSight provides a clear overview for administrators about the running status of the
overall service system, such as the downtime, availability, mean time to repair (MTTR),
and mean time between failures (MTBF).
Threshold Alarm
eSight triggers alarms when an indicator of application resources meets the specified
conditions. For the same indicator, eSight generates alarms of different severities based on
the value of the indicator.
Application Report
During the operation, eSight collects a large amount of data and saves it to the database. The
database then summarizes, analyzes, and calculates the data, and exports graphical reports that
are easy to understand. These reports help maintenance engineers analyze the IT environment
and give support for system optimization and capacity expansion.
View Management
The eSight Infrastructure Manager provides views displaying the positions and operating
status of all the devices in the data center. This function allows you to monitor the devices in
real time.
Video Management
Video management provides the following functions:
• eSight can connect to IP cameras.
• eSight can also independently deploy video integration over the web user interface
(WebUI).
• eSight allows you to view real-time videos, query video source configurations, and save
the configuration information.
• Camera management
You can create or delete a camera, query cameras based on the name or IP address, view
detailed information about a camera, such as the name, No., recorded location, supplier,
IP address, model, and status, and modify the information.
Report Management
eSight provides resources, performance, energy consumption, and capacity statistics reports:
• Presents reports in graphics, such as curves, histograms, and pie charts.
• Allows you to export reports as an Excel or PDF file and print reports for analysis.
• Allows you to modify the report storage capacity and upload customer logos.
• Generates reports based on tasks, saves periodic reports in a report storage disk, and
sends reports by email as configured.
Access Control
The eSight Infrastructure Manager provides an access control system that manages access
controllers and access control card holders of cabinet-level access controllers.
• Access control: provides an access control system that manages access controllers and
event monitoring. The access management function enables you to configure IP
addresses for access controllers and configure the management server.
• The time management function enables you to manage the access control in the specified
time periods or holidays.
NOTE
The cabinet-level door status sensor does not support the time management function.
• The user management function enables you to manage the users and user groups.
Temperature Map
The overall temperature distribution of the equipment room is clearly displayed.
The cold and the hot spots can be effectively identified:
• The analyses of temperature distributions on top, middle, and bottom levels are
available.
• Hover the mouse over the location that you want to query to display its temperature
and related device information.
• The top 5 high temperatures and top 5 low temperatures can be analyzed.
Linkage Control
This function helps improve O&M service quality in an IDC. The following two linkage
controls are available:
NOTE
To use these functions, users must have eSight EC/CC Device Manager installed.
• (Recommended) Batch import: After you specify the IP address, port number, login user
name, and password of each IP PBX that you want to connect to eSight in a template, the
IP PBXs can be imported to eSight in a batch.
• Automatic discovery: eSight can use the automatic discovery function to add IP PBXs
automatically.
• Manual configuration: You can manually add IP PBXs to eSight one by one.
Device Management
• Device Information
Used to view detailed IP PBX information, including the system, license, version, and patch
information.
• Ping Test
Used to test the network connectivity between an IP PBX and other devices on the network.
• Signaling Tracing
Used to monitor protocol messages, signal link connection on ports, and service flows in real
time, which helps in fast fault location.
• Traffic Statistics
Used to collect statistics on global Real-Time Transport Protocol (RTP) messages, Session
Initiation Protocol (SIP) sessions, SIP sessions on the outgoing trunk, SIP sessions on the
incoming trunk, and duration of a SIP session.
• Command Tree
Used to display common IP PBX commands in a tree structure.
• Configuration Backup and Restoration
Used to back up and restore the IP PBX configuration data.
• Operation Log
Used to record user operations and results.
• Run Log
Used to record logs of the info, warning, and error levels during the IP PBX operation.
• Device Panel
The IP PBX panel provides a device simulation graphical user interface (GUI) where you can
manage IP PBX's components, for example, boards.
• Trunk Tracing
Used to query the number of trunks that are occupied in real time and the number of trunks
that were occupied during a historical period, which facilitates trunk monitoring and
expansion.
• DSP Tracing
Used to query the number of Digital Signal Processor (DSP) resources that are occupied in
real time and the number of DSP resources that were occupied during a historical period.
• Patch Management
Used to view, load, activate, deactivate, save, delete, and update patches of the IP PBX
boards.
When an IP PBX detects voice quality abnormality, it actively reports the abnormality and
voice quality parameters to eSight through Trap messages. eSight saves voice quality data
independently for further analysis or exports the data in files.
Service Management
IP PBX resource statistics contains Primary Rate Adaptation (PRA) resource statistics, user
resource statistics, and DSP resource statistics.
A PRA trunk is a digital circuit trunk that uses E1 or T1 trunk cables to connect to peer
devices. PRA resource statistics help you learn PRA resource usage on IP PBXs in real time.
User resource statistics help you learn the number of calling users, total number of users, and
call rate to facilitate IP PBX management.
A DSP is a microprocessor that is dedicated to processing digital signals in real time. DSP
resource statistics help you learn DSP resource usage on IP PBXs in real time.
Configuration Management
You can configure SIP trunks, active and standby servers, and software parameters for IP
PBXs in a batch.
Alarm Management
For details, see Alarm Management in Functions and Features.
Performance Management
For details, see Performance Management in Functions and Features. Major performance
counters include CPU and memory usage and usage of service resources such as conference
resources.
Device Management
eSight allows you to view the following information on the simulated device panel:
• Real-time status of boards and servers
• Time sequence of a Circuit Interface Unit (CIU) board
For more information about the U2900 device panel, see the Product Documentation of the
U2900.
Certificate Management
When any certificate needs to be updated or customers want to use their own certificates, you
need to upload new certificates. The certificate management function for the U2900 allows
you to replace the built-in certificate files of eSight. After certificates are updated, U2900
series devices can obtain the new certificates from eSight.
Alarm Management
For details, see Fault Management in Functions and Features.
Performance Management
For details, see Performance Management in Functions and Features.
Alarm Management
For details, see Alarm Management in Functions and Features.
Performance Management
For details, see Performance Management in Functions and Features.
• (Recommended) Batch import: After you specify the IP address, access gateway, user
name, and password of each IAD that you want to connect to eSight in a template, the
IADs can be imported to eSight in a batch.
• Automatic discovery: After you configure the IP address of eSight on IADs, eSight can
automatically discover the IADs.
• Manual configuration: You can manually add IADs to eSight one by one.
Device Management
• Basic Configuration
– Network Parameters
Used to set the IAD network parameters, including the IAD IP address, subnet
mask, gateway, and DNS.
– NMS
Used to set the parameters for connecting IADs to eSight, including the eSight IP
address, read/write community, port, and handshake interval.
– Device Time
Used to set the IAD time. You can manually set the IAD time or set the IAD time to
the current time on eSight.
• Advanced Configuration
– Protocol Switching
Used to switch the protocol used by IADs.
– Trap Function
Used to set whether IADs are allowed to report Trap messages to eSight.
– RTCP Alarm Threshold
Used to set the Real-Time Transport Control Protocol (RTCP) alarm threshold.
– Port Lock Threshold
Used to set the duration between the time when a port lock alarm is generated and
the time when the port lock alarm is reported.
• Service Configuration
– Service Configuration (MGCP)
Service configuration (MGCP) includes fax parameters, DTMF digit collection,
MGCP authentication mode, MGCP parameters, MGC, MG interface parameters,
TOS/COS and port attributes.
– Service Configuration (SIP)
Service configuration (SIP) includes digit map, proxy server, voice parameters, fax
parameters, DTMF digit collection, local switching, and local-switch route.
• System Tool
– Version Information Query
Used to query versions of IADs.
– Ping Test
Used to test the network connectivity between eSight and the IAD IP address.
– Configuration Backup and Restoration
Used to back up and restore the IAD configuration data.
Configuration Management
• Batch Configuration
With the batch configuration function, you can set a parameter on multiple IADs to the same
value. The following items can be configured in batches: network parameters, protocol
switching, proxy server, NMS parameters, configuration saving, read community, and write
community.
• Upgrade Management
– Manual Upgrade
IADs can be upgraded in a batch. You can upgrade IADs immediately or at a scheduled
time.
– Automatic Upgrade
After the automatic upgrade function is enabled, an IAD periodically detects the upgrade
file on the File Transfer Protocol (FTP) server and automatically upgrades the software.
This function applies to the upgrade of a large number of IADs.
Alarm Management
For details, see Fault Management in Functions and Features.
Performance Management
For details, see Performance Management in Functions and Features.
• Automatic discovery: eSight can use the automatic discovery function to add UAP3300
devices automatically.
• Manual configuration: You can manually add UAP3300 devices to eSight one by one.
Alarm Management
For details, see Fault Management in Functions and Features.
Creating a UC Subnet
After a UC subnet is created, eSight automatically adds applications and services in a UC
solution to the UC subnet.
Alarm Management
For details, see Alarm Management in Functions and Features.
Topology Management
For details, see Topology Management in Functions and Features.
Collecting Logs
After SSH parameters of the ECS server are configured, you can download logs of the ECS
server on eSight.
Creating a CC Subnet
After a CC subnet is created, eSight automatically adds devices in a CC solution to the CC
subnet.
Device Management
• CTI management: eSight supports NE management, alarm management, and
performance management for the CTI system.
• BIR, CMS, and eSpace Agent Desktop management: eSight supports alarm management
for the BIR, CMS, EDS, and eSpace Agent Desktop applications.
Alarm Management
For details, see Alarm Management in Functions and Features.
Performance Management
For details, see Performance Management in Functions and Features.
Topology Management
For details, see Topology Management in Functions and Features.
Managed Objects
• VTM Manager
The VTM Manager, a component of the Virtual Teller Center (VTC), remotely monitors,
maintains, and manages VTM terminals. It provides VTM terminal status information
and service reports.
• VTC
The VTC provides remote virtual teller services for users. The VTC system includes a
Media Control Center (MCC) module, a Multimedia Collaboration Management System
(MCMS) module, and an IAS. The MCC controls calls and provides interfaces for query
of information such as bank account permissions and call information. The MCMS is
used by inspectors to monitor tellers, check teller service quality, and manage the system.
The IAS provides the access service for mobile terminals and the anonymous call service
for Internet users.
Device Management
You can configure network parameters, service ports, and soft switching for SBCs (SX series)
and restart them on eSight. The device restart as well as soft switching and service port
configurations can be performed in a batch.
eSight can upgrade SBCs (SX series) devices in a batch. eSight can upgrade them
immediately or at a scheduled time.
Alarm Management
For details, see Alarm Management in Functions and Features.
NOTE
To use these functions, you must have the Telepresence Device Manager installed.
Device Management
• TE
Basic configuration, user settings, SIP parameters, network configuration, SNMP
parameters, audio parameters, and network address book
• MCU
– System configuration: device time, automatic restart, RTP, FTP, QoS, and DNS
– Network configuration: network port, SNMP, and trap
– Signal configuration: H323, GK, and SIP
• TP
System configuration: GK and SIP
Alarm Management
For details, see Alarm Management in Functions and Features.
Managed Objects
• Terminal
In the Telepresence system, terminals are endpoints that encode and decode audio and
video signals.
• MCU
A Multipoint Control Unit (MCU) is used for terminal access, video exchange, audio
mixing, data processing, and signaling exchange.
• TP
A TP, a Telepresence product developed by Huawei, uses high-definition video encoding
and digital image stitching technologies, bringing true-to-life widescreen video images.
It also adopts professional multi-channel audio capture and reproduction technologies to
achieve superior surround sound localization. Using the TP, users can enjoy remote
conferencing with life-size participant display and face-to-face experience.
• GK
The gatekeeper (GK) is a core component of the Telepresence system. It is located
at the network control layer to manage nodes including the MCU, terminals, and
gateways. Node management functions provided by the GK include address resolution,
domain management, access control, registration management, call management,
bandwidth management, and route management.
NOTE
To use these functions, you must have the IVS Device Manager installed.
Creating a Subnet
• eSpace IVS solution
After IVS subnets are created, eSight automatically adds IVS devices (MAU, MPU, MTU,
TAU, VMU, and VCN3000) to the matching subnets based on the IVS device's IP address.
Service Overview
eSight displays key counters of the video surveillance application, so that users can obtain the
service running status.
Service Topology
Integrated software and hardware management for video surveillance VCN devices is
implemented in the service topology. eSight displays hierarchical relationships among the
VCNs and the status of each VCN. The offline camera ratio statistics display the offline trend
of cameras on the entire network or on a specific VCN during a certain period. eSight
supports graphical display of the offline camera ratio, so that you can obtain cameras' online
information.
Alarm Management
For details, see Alarm Management in Functions and Features.
Performance Management
For details, see Performance Management in Functions and Features.
Managed Objects
l eSpace IVS solution
– MAU: main control unit of the intelligent analysis subsystem in the eSpace IVS
solution. The MAU provides task management, rule management, and load
balancing functions.
– MPU: media processing unit in the eSpace IVS solution.
– MTU: media transcoding unit in the eSpace IVS solution for transcoding and
distributing media data.
– TAU: terminal access unit in the eSpace IVS solution.
– VMU: video management unit in the eSpace IVS solution.
– Front-end device: video shooting device in the eSpace IVS solution.
– VCN3000: integrated intelligent monitoring product that combines the IVS
platform and professional storage capabilities.
Configuration Management
eSight enables users to configure the configuration files of IVS application modules. It
forwards configurations to specific modules through configuration interfaces on the UOA to
ensure data synchronization with the modules.
eSpace IVS solution application modules include the OMU, DCG, SCU, MU, PCG, MAUS,
SMU, SafeVideo, HTTPS, and RSTP. For detailed module information, see the eSpace IVS
Product Documentation.
Report Management
Users can create and manage immediate and periodic report tasks on the report management
page.
NOTE
The management functions provided by eSight vary depending on IP phone models. The following
describes all the functions.
Configuration Management
l IP Phone Management Configuration
You can set parameters such as upgrade parameters, network access certificate
application, and IP phone access certificate application for managing IP phones.
Device Management
You can perform operations, including Device Restart, Fault Information Collection, and
Web Management, for IP phones on eSight.
l Access Scan
When no DHCP server is available, IP phones cannot actively connect to eSight because
they fail to obtain the IP address of eSight through DHCP. In this case, eSight provides
the access scan function, which scans IP phones in specified network segments and sets
the eSight IP address on the IP phones, so that the IP phones can connect to eSight.
NOTE
The access scan function applies to eSpace 7910 IP phones and eSpace 7950 IP phones of
V100R001C02 or later as well as eSpace 8950 IP phones of all versions.
Deployment Management
l Configuration file management
Configuration file management allows you to modify common parameters in the
configuration file template to batch modify IP phone configuration parameters.
You can specify a configuration policy to determine whether the parameters take effect
for all or specified IP phones.
l Version file management
eSight can manage manually upgraded and automatically deployed versions.
l Automatic deployment
This function associates subnets with configuration files, version files, and number
allocation information to implement plug-and-play deployment of IP phones, simplifying
configurations of end users.
l Number allocation
During automatic deployment, eSight can allocate numbers to IP phones, so that IP
phones are available for use immediately after they are connected to a network. eSight
allocates numbers to IP phones in a pre-defined mode or random mode.
l Manual deployment
You can manually upgrade IP phones or change their configurations in a batch, or
perform a scheduled upgrade task.
Monitoring Principle
Database application devices provide the SNMP agent to monitor the system. eSight monitors
databases after you start the SNMP agent on the databases.
On the network, the SNMP agent and eSight server are the key components for monitoring
databases.
l SNMP agent: collects the alarm and performance data from databases and reports the
data to the eSight server.
l eSight server: stores the alarm and performance data of third-party devices and displays
the data on the eSight client.
l Client: displays the alarms reported by databases.
l Peripheral equipment: collects and reports its own alarms to the eSight server through
the SNMP agent.
NE Access
eIMS allows users to add a single NE. Users can also manage the NE connection status and
management status in the topology or on the eIMS device page.
Topology Management
In addition to all the functions mentioned in 2.5 Topology Management, eSight also offers
the following topology management functions for eIMS:
l Updates the eIMS connection and alarm status in the physical topology in real time.
l Allows users to right-click an eIMS to display the entries for current alarms and the
MML Client.
Alarm Management
In addition to all the alarm management functions mentioned in 2.3 Alarm Management,
eSight also allows users to manually and automatically synchronize current alarms, and clear
specific current alarms for devices.
Performance Management
By default, eSight offers key, major, and minor performance indicator templates. After
devices are connected to eSight, collection tasks about key performance indicators (KPIs) are
automatically added to collect performance data about network-wide devices.
MML Client
The MML client allows users to deliver MML commands to NEs of the same type and
version on eSight. The MML client offers a function-specific command navigation tree,
allows users to filter, search for, and sort NEs, supports MML command association and
online help, and records executed historical commands. Before executing a command that
may have severe negative effects, the MML Client informs users of possible execution results
and executes the command only after the users confirm the operation.
l Basic information
Users can view and update basic information about CPEs.
l Setting common parameters
Users can set the following common parameters for managed objects: WAN, WLAN,
LAN, local time, eSight server, gateway, router, firewall, and service access.
l General configuration
Users can modify CPE parameters using the TR-069-compliant configuration model tree.
l Integrating the CPE web manager
Users can jump to the CPE web manager from eSight, and set advanced parameters for a
single CPE.
l Exporting a configuration file
Users can export CPE configuration files for backup.
l Loading a configuration file
Users can load configuration files for CPEs.
l Performing remote maintenance
Users can remotely restart CPEs, restore factory defaults, and use the ping command to
check the connectivity.
l Managing device logs
Users can review diagnosis and routing log files about CPEs, download them from CPEs
to the eSight server, and export them to a local disk.
l Monitoring LAN port peak rates
Users can monitor peak rates of incoming and outgoing traffic on LAN ports.
Batch Configuration
Users can set parameters for CPE devices in batches.
Batch Upgrade
Users can upgrade the CPE firmware versions in batches instantly or as scheduled. Users can
also customize upgrade policies when the current and target versions of NEs are the same.
The number of upgrade tasks that can be concurrently executed is controlled by the file server
egress bandwidth.
Alarm Management
eSight allows users to manage the following CPE alarms:
l Lower computer disconnection
l Lower computer quantity threshold-crossing
l LAN port upstream exception
l Weak wireless signal
l Unauthorized access
Performance Management
eSight supports real-time and periodical collection and display of CPE indicators, including
LAN port rate, receive signal strength indicator, reference signal receiving power, and
downstream signal-to-noise ratio.
Log Management
eSight allows users to export CPE diagnosis and routing logs in batches.
Device Access
Users can add a single eNodeB, import a file to add eNodeBs in batches, or use eSight to
automatically discover eNodeBs that are running on the network. Users can also manage the
eNodeB connection status and management status in the topology or on the device overview
page.
Alarm Management
In addition to all the alarm management functions mentioned in 2.3 Alarm Management,
eSight also allows users to manually and automatically synchronize current alarms, and clear
specific current alarms for devices.
Performance Management
By default, eSight offers key, major, and minor performance indicator templates. After
devices are connected to eSight, collection tasks about key performance indicators (KPIs) are
automatically added to collect performance data about network-wide devices.
eSight supports 15 key performance counter templates, including eNodeB, link, RRU, board,
cell, port, and carrier; and automatically creates one-hour performance collection tasks when
eNodeBs are created. Users can also manually create and delete periodical detection tasks for
eNodeBs at an interval less than one hour.
Topology Management
In addition to all the functions mentioned in 2.5 Topology Management, eSight also offers
the following topology management functions for eNodeBs:
l Displays virtual connections between eNodeBs and eCNSs in the physical topology.
l Updates the eNodeB connection and alarm status in the physical topology in real time.
l Allows users to right-click an eNodeB to display the following functions: configuration
synchronization, alarm browsing, NE details, web network management, and MML
client.
NE Manager
Users can use the NE manager to comprehensively manage eNodeBs. eSight calculates the
NE health based on the following factors and displays the health information on the NE
manager:
l NE connection status
l Ratio of the unreachable duration to the total managed duration
l Ratio of critical and major alarms to the total alarms
l Number of current alarms
l Performance alarms
l CPU usage
The NE manager also allows users to check current and historical alarms of NEs as well as
NTP server configuration.
l Version files
l Hot and cold patches
l BootRom files
l Configuration files
l Certificate files
Users can update the software for multiple devices in a single task instantly or as scheduled.
Users can also review historical upgrade tasks, monitor the execution status of current
upgrade tasks, and control the number of concurrent upgrade tasks based on the file server
egress bandwidth.
MML Client
The MML client allows users to deliver MML commands to NEs of the same type and
version on eSight. The MML client offers a function-specific command navigation tree,
allows users to filter, search for, and sort NEs, supports MML command association and
online help, and records executed historical commands. Before executing a command that
may have severe negative effects, the MML Client informs users of possible execution results
and executes the command only after the users confirm the operation.
Device Access
eSight allows users to add a single device, and manage the eCNS connection status and
management status in the topology or on the device overview page. Due to the limited quantity
of eCNSs, users do not need to import eCNSs in batches or use the automatic discovery function
to add eCNSs. However, the eCNS610 supports batch import.
Alarm Management
For eLTE eCNSs, eSight supports all the alarm management functions mentioned in 2.3
Alarm Management. eSight supports manual and automatic synchronization of current
alarms, and allows users to clear specific current alarms.
Topology Management
In addition to all the functions mentioned in 2.5 Topology Management, eSight also offers
the following topology management functions for eCNSs:
l Displays virtual connections between eNodeBs and eCNSs in the physical topology.
l Updates the eCNS connection and alarm status in the physical topology in real time.
l Allows users to right-click an eCNS to display the entries for current alarms and the
MML Client.
NE Manager
The NE manager enables in-depth management over eNodeBs, calculates NE health status by
the alarm severity and number of current alarms, and displays NE monitoring status.
The NE manager allows users to check current and historical alarms about devices, and check
physical resources about the eCNS600 and CGPOMU.
MML Client
The MML Client allows users to deliver MML commands to NEs of the same type and
version on eSight. The MML Client offers a function-specific command navigation tree,
allows users to filter, search for, and sort NEs, supports MML command association and
online help, and records executed historical commands. Before executing a command that
may have severe negative effects, the MML CLI informs users of possible execution results
and executes the command only after the users confirm the operation.
Table 2-5 lists custom devices and access protocols supported by eSight.
NE Type Customization
l Use a visualized wizard to customize devices:
– Device type segmentation
– Automatic SNMP MIB file analysis
– TRAP listening and alarm definition import for actual devices
– Quick introduction of existing definitions for devices of other types
– Pre-definition of standard alarms, performance, and key data
l Quickly enable device customization by importing and exporting.
l Quickly customize other similar types for devices from the same vendor and under the
same product group by duplication.
l Modify the following items of existing customized devices:
– Device type
– Alarm
– Performance
– Configuration file
– Concerned data
l Check the consistency of customized devices:
– Connect actual devices, and check and analyze customized devices.
– Output consistency check analysis reports.
3 Deployment Mode
eSight supports two networking modes: standalone deployment and hierarchical deployment.
3.1 Standalone Mode
3.2 Distributed Deployment Mode
3.3 Two-Node Cluster Deployment Mode
In the single-node system deployment scheme, multiple web clients and the eSight server are
connected through a local area network (LAN) or wide area network (WAN).
NOTE
l The eSight single-node system can be deployed on a virtual machine (VMware ESXi 5.5 and
FusionSphere 5.1) that runs the Windows operating system. Distributed and HA deployment
schemes cannot be deployed on a virtual machine.
l If the Oracle database is used, the database and eSight can be deployed on the same server or
different servers (if on different servers, customers need to prepare the server to install the database).
l If the network traffic analyzer (NTA) is deployed, the single-node system management scale does
not exceed 5000 equivalent NEs. In a single node system, the NTA can manage a maximum of 10
nodes at 2000 flows/s.
The secondary host in the distributed system refers to the network traffic collector (NTC),
WLAN location server or distributed UC Device Manager.
l If the Oracle database is used, the database and eSight can be deployed on the same server or
different servers (if on different servers, customers need to prepare the server to install the
database).
l When the network scale exceeds 5000 equivalent NEs or more than 10 devices need network
traffic management, the NTC must be deployed on an independent server. In the distributed
deployment scheme, the NTC can manage a maximum of 350 devices at 30,000 flows/s.
l When the quantity of APs exceeds 1000, the WLAN positioning server must be deployed
independently. In the distributed deployment scheme, the WLAN positioning server is able to
position a maximum of 2000 APs.
l In the distributed deployment scheme, each UC Device Manager node can manage a
maximum of 2000 phones (calculation method: Number of IP phones/4 + Number of IP PBXs
+ Number of IADs).
NOTE
l The eSight Network Traffic Analyzer, Facilities Infrastructure Manager, and Application Manager
do not support High-Availability (HA) systems.
l HA systems do not support distributed deployment.
NOTE
Bond: On the SUSE Linux operating system, the bond technology is used to form a virtual layer
between the physical layer and the data link layer. This technology allows two server NICs connecting to
a switch to be bound to one IP address. The MAC addresses of the two NICs are also automatically
bound as one MAC address. In this manner, a virtual NIC is formed.
Because the two eSight servers use different IP addresses, you must set the IP addresses of the
active and standby servers on managed devices. In this case, information, such as alarms, on
the devices can be automatically sent to the standby server after active and standby
switchover, which ensures normal device monitoring and management.
4 Networking Mode
NOTE
For details about the mappings between eSight and devices, see the version mappings in the release
notes delivered with the version.
eSight uses a variety of protocols - such as SNMP, FTP/SFTP, and TR069 - to communicate
with managed devices. eSight faults have no impact on the networking and services of
managed devices. The following figure shows a typical scenario of eSight.
5 Configuration
NOTE
Management scale (Number of equivalent NEs) = Number of managed network devices + Number of
managed APs + Number of managed PON devices + Number of managed video surveillance devices +
Number of managed telepresence devices + Number of managed UC devices (Number of IP PBXs /
U19XXs x 10) + Number of IP phones / 4 + Number of eLTE CPEs / 5 + Number of eLTE eNodeBs x 2
+ Number of eLTE eCNSs x 20 + Number of eIMS devices x 20 + Number of low-end storage devices x
10 + Number of heterogeneous storage devices x 10 + Number of mid-range storage devices x 20 +
Number of high-end storage devices x 160 + (Number of Big Data storage nodes / 288) x 160 + Number
of rack servers x 2 + Number of blade servers x 20 + Number of objects monitored by the Application
Manager x 2 + Number of sites monitored by the Facilities Infrastructure Manager x 2 + Number of
VMs x 1 + OS x 1 + Number of eIMS devices x 20.
If the number of Big Data storage nodes is not an integral multiple of 288, the result of Number of Big
Data storage nodes/288 is rounded up to an integer.
The eSight Facilities Infrastructure Manager does not support Firefox 38 ESR and Chrome 43. Use
Internet Explorer 9, Internet Explorer 10, or Internet Explorer 11 for it.
l Memory: 1 GB or above
The planned bandwidth for each terminal upgrade is 256 kbit/s. In the formula, Y/10 indicates that
10% terminals are concurrently upgraded. eSight allows users to upgrade 100 terminals at the
same time, requiring 25.6 Mbit/s.
l Additional bandwidth for network traffic:
N x 400 bit/s
NOTE
l In the formula, N indicates the number of flows and its unit is flow/s.
l The bandwidth for a flow is calculated as follows: (1500/30) x 8 bit/s = 400 bit/s. Here, 1500
indicates that the average size of a NetStream packet is 1500 bytes, and 30 indicates that a
NetStream packet has about 30 flows.
l 10000 flows require a bandwidth of 3.8 Mbit/s.
l Additional LogCenter bandwidth (between the LogCenter collector and devices)
Distributed deployment: 36 Mbit/s
l Additional bandwidth for deploying the operating system for servers:
15 Mbit/s
NOTE
eSight allows users to load and deploy the operating system image through ServiceCD. Deploying
the operating system for each server requires 1.5 Mbit/s. eSight allows users to deploy the
operating system for a maximum of 10 servers at the same time, requiring 15 Mbit/s.
6 Technical Specifications
A Glossary
A
AC See access controller.
access controller (AC) A device that controls and manages all associated access points (APs) in a WLAN. An
AC can work with the authentication server to provide the authentication service for
WLAN users.
acknowledged alarms Alarms that are already handled. With the alarms acknowledged, you can identify the
alarms that are not handled so that you can handle these alarms in time.
administrator A user who has authority to access all EMLCore product management domains. This
user has access to the entire network and all management functions.
aerial view A window of the NMS, which displays a thumbnail of the current topology view.
alarm A message reported when a fault is detected by a device or by the network
management system during the device polling process. Each alarm corresponds to a
clear alarm. After a clear alarm is received, the corresponding alarm is cleared.
alarm masking A method to mask alarms for the alarm management purpose. Alarms that are masked
are not displayed on the NMS or the NMS does not monitor unimportant alarms.
alarm name A brief description of the symptom of the failure related to this alarm.
alarm source To automatically report alarms, the ECC system can receive alarms from multiple
alarm sources such as smoke detectors and alarming hosts.
B
B/S browser/server
BBU See backup battery unit.
BIOS See basic input/output system.
backup Process of copying data to another storage area so that it can be used to restore the
data when the source data is damaged or lost.
backup battery unit (BBU) A battery module that can supply power for a controller enclosure for a
short time when the system is powered off.
basic input/output system (BIOS) Firmware stored on the computer motherboard that contains basic
input/output control programs, power-on self test (POST) programs, bootstraps, and system setting
information. The BIOS provides hardware setting and control functions for the computer.
bit/s See bits per second.
bits per second (bit/s) A rate at which the individual bits are transmitted through a communication link or
circuit. Its unit can be bit/s, kbit/s, and Mbit/s.
blacklist A list containing information about subscribers who are prohibited from using certain
permissions or services due to certain reasons.
C
CC See conference call.
CLI command-line interface
CPE See customer-premises equipment.
CPU See central processing unit.
central processing unit (CPU) The computational and control unit of a computer. The CPU is the
device that interprets and executes instructions. The CPU has the ability to fetch, decode, and
execute instructions and to transfer information to and from other resources over the
computer's main data-transfer path, the bus.
cluster A computer technology that integrates a set of loosely connected servers to work
together so that in many respects they can be viewed as a single system. A cluster is
used to improve system stability, reliability, data processing capability, and service
capability. For example, a cluster is used to reduce single-point failures, share storage
resources, balance loads, and improve system performance.
collector An important component of the NMS that is used to collect device data. It collects
device data through continuous polling and stores the collected data in the database for
collectors. The NMS server reads required data from the collector database. Different
devices are collected by different collectors.
conference call (CC) A conference by telephone in which three or more parties in different locations
participate by using a central switching unit.
configuration data A command file defining hardware configurations of an NE. With this file, an NE can
collaborate with other NEs in a network. Therefore, configuration data is the key
factor that determines the operation of an entire network.
configuration file A file that contains machine-readable operating specifications for a piece of hardware
or software or that contains information on another file or on a specific user, such as
the user's login ID.
customer-premises equipment (CPE) The equipment located at an end-user's premises. Most CPEs are
telephones or other service equipment. A CPE can be a Mobile Station (MS) or a Subscriber
Station (SS). An MS is mobile equipment, and an SS is fixed equipment.
D
DNS See domain name service.
data backup A method of copying key data to the backup storage area to prevent data loss in case
the original storage area is damaged or a failure occurs.
domain name service (DNS) A hierarchical naming system for computers, services, or any resource
connected to the Internet or a private network. It associates various information with domain
names assigned to each of the participants. The DNS distributes the responsibility of
assigning domain names and mapping those names to IP addresses by designating
authoritative name servers for each domain.
dump To export alarm data from the database to the customized file. The exported data is
cleared in the database.
E
ESN See equipment serial number.
Ethernet A LAN technology that uses the carrier sense multiple access with collision detection
(CSMA/CD) media access control method. The Ethernet network is highly reliable
and easy to maintain. The speed of an Ethernet interface can be 10 Mbit/s, 100 Mbit/s,
1000 Mbit/s, or 10,000 Mbit/s.
Extensible Markup Language (XML) A specification developed by the World Wide Web Consortium
(W3C). XML is a pared-down version of Standard Generalized Markup Language (SGML), designed
especially for Web files. It allows designers to create their own customized tags,
enabling the definition, transmission, validation, and interpretation of data between
applications and between organizations.
eNodeB E-UTRAN NodeB
eSight See eSight.
eSight (eSight) Huawei's next-generation ICT O&M system for the enterprise market and the first
cross-field and cross-vendor ICT O&M system of Huawei Enterprise BG. It is
designed to centrally manage storage devices, servers, routers, switches, firewalls,
WLANs, unified communication, telepresence conferences, and video surveillance. In
addition, it is capable of managing a wide range of devices from other vendors.
equipment serial number (ESN) A string of characters that identifies a piece of equipment and
ensures correct allocation of a license file to the specified equipment. It is also called
"equipment fingerprint".
F
FFT fast Fourier transformation
FTP File Transfer Protocol
FTPS See File Transfer Protocol over SSL.
File Transfer Protocol over SSL (FTPS) An extension to the commonly used File Transfer Protocol
(FTP) that adds support for the Transport Layer Security (TLS) and the Secure Sockets Layer
(SSL) cryptographic protocols.
firewall A combination of a series of components set between different networks or network
security domains. By monitoring, limiting, and changing the data traffic across the
firewall, it masks the interior information, structure and running state of the network
as much as possible to protect the network security.
firmware Programmable software that is usually written into the EROM or EPROM of a hardware
component. It is responsible for the most basic work in the system and is
scalable as software.
floating IP address An IP address that a high availability (HA) system uses to communicate with the
external system. The active server and standby server have separate IP addresses. For
example, the IP address of the active server is IP1 and the IP address of the standby
server is IP2. When communicating with the external client, the active or standby
server uses IP3, and IP3 is bound to the network adapter of the active server. At this
time, the active server has two IP addresses, namely IP1 and IP3. The standby server
has only IP2, therefore, it does not provide services to the external client. When an
active/standby switchover occurs, the active server releases IP3, and IP3 is bound to
the network adapter of the standby server. This is called floating.
G
GE Gigabit Ethernet
GPON gigabit-capable passive optical network
GUI graphical user interface
gateway A device that connects two network segments using different protocols. It is used to
translate the data in the two network segments.
H
HA system high availability system
HBA host bus adapter
HTTP See Hypertext Transfer Protocol.
HTTPS See Hypertext Transfer Protocol Secure.
Hypertext Transfer Protocol (HTTP) An application-layer protocol used for communications between
web servers and browsers or other programs. HTTP adopts the request-response mode. A client
sends a request to the server. The request consists of two parts: request header and MIME-like
message. The request header contains request method, uniform resource locator
(URL), and protocol version. The MIME-like message contains request modifiers,
client information, and possible body content. Upon receiving the request, the server
responds with a status line. The status line includes the message's protocol version, a
success or error code, and a MIME-like message, which contains server information,
entity meta-information, and possible entity-body content. For details about HTTP, see
RFC2616.
Hypertext Transfer Protocol Secure (HTTPS) An HTTP protocol that runs on top of transport layer
security (TLS) and Secure Sockets Layer (SSL). It is used to establish a reliable channel for
encrypted communication and secure identification of a network web server. For details, see
RFC2818.
high-availability system A high-availability (HA) system is defined in contrast to a stand-alone
system. It refers to a dual-system backup deployment, which ensures normal operation when one
computer is faulty. However, the deployment has high costs.
I
IAD See integrated access device.
ICMP See Internet Control Message Protocol.
ID See identity.
J
JSR jam-to-signal ratio
K
KPI key performance indicator
KVM See keyboard, video, and mouse.
keyboard, video, and mouse (KVM) A hardware device installed in the integrated configuration
cabinet. KVM serves as the input and output device for the components inside the cabinet. It
consists of a screen, a keyboard, and a mouse.
L
LAN See local area network.
LDAP See Lightweight Directory Access Protocol.
LLDP See Link Layer Discovery Protocol.
M
MAC address A link layer address or physical address. It is six bytes long.
MIB See management information base.
MML man-machine language
MML command Command using human-machine language, which is a main mode for operation and
maintenance on NEs. The EMS can operate NEs by issuing MML commands.
MO managed object
MPLS See Multiprotocol Label Switching.
MPLS VPN See multiprotocol label switching virtual private network.
MTBF See mean time between failures.
MTTR See mean time to repair.
Multiprotocol Label Switching (MPLS) A technology that uses short tags of fixed length to
encapsulate packets in different link layers, and provides connection-oriented switching for
the network layer on the basis of IP routing and control protocols.
management information The information that is used for network management in a transport network.
management information base (MIB) A type of database used for managing the devices in a
communications network. It comprises a collection of objects in a (virtual) database used to
manage entities (such as routers and switches) in a network.
management rights The rights enabling a user to manage the specified devices and boards or the group of
a user to manage specified domains.
masked alarm An alarm whose correlation action is set to masked in alarm correlation analysis.
mean time between failures (MTBF) The average time between consecutive failures of a piece of
equipment. It is a measure of the reliability of the system.
mean time to repair (MTTR) The average time that a device will take to recover from a failure.
multiprotocol label switching virtual private network (MPLS VPN) An Internet Protocol (IP)
virtual private network (VPN) based on the multiprotocol label switching (MPLS) technology. It
applies the MPLS technology for network routers and switches, simplifies the routing mode of
core routers, and combines traditional routing technology and label switching technology. It
can be used to construct the broadband Intranet and Extranet to meet various service
requirements.
N
NAS network attached storage
NE network element
NIC network interface card
NTA See network traffic analyzer.
NTC See network traffic collector.
NTP Network Time Protocol
NetStream A measurement and release technique based on network stream information.
NetStream can categorize and measure the traffic on the network and the utilization of
resources. It performs management and charging for various services based on
different QoS.
network traffic analyzer (NTA) Network traffic analysis tool that obtains statistical data from
the NTC (Network Traffic Collector). The statistical data is a basis for flow evidence,
capacity planning, and attack detection.
network traffic collector (NTC) Application running in Unix or Windows, which is responsible
for receiving and processing UDP packets from the NTE (Network Traffic Exporter). Then it sends
statistical data to the NTA for further analysis.
O
O&M operation and maintenance
OLT optical line terminal
OMS operational management system
ONU See optical network unit.
optical network unit (ONU) A form of Access Node that converts optical signals transmitted via
fiber to electrical signals that can be transmitted via coaxial cable or twisted pair copper
wiring to individual subscribers.
optical splitter A passive component, which is used for splitting and sending optical power to
multiple ONUs connected by an optical fiber. In a GPON system that consists of the
OLT, ONU, splitter, and optical fibers, according to the split ratio, the optical signal
over the optical fiber connected to the OLT is split into multiple channels of optical
signals, and each channel is sent to an ONU. The split ratio determines how many
channels of optical signals an optical fiber can be split into.
P
PBX private branch exchange
PC personal computer
PDB power distribution box
PHP penultimate hop popping
PON passive optical network
PXE See preboot execution environment.
PoE power over Ethernet
ping A method used to test whether a device in the IP network is reachable according to the
sent ICMP Echo messages and received response messages.
preboot execution environment (PXE) A technology that enables computers to boot from the
network. This technology is the successor of Remote Initial Program Load (RPL). The PXE works
in client/server mode. The PXE client resides in the ROM of a network adapter. When the
computer is booted, the BIOS invokes the PXE client to the memory, and the PXE client obtains
an IP address from the DHCP server and downloads the operating system from the
remote server using TFTP.
R
RADIUS See Remote Authentication Dial In User Service.
RADIUS authentication An authentication mode in which the BRAS sends the user name and the
password to the RADIUS server by using the RADIUS protocol. The RADIUS server
authenticates the user, and then returns the result to the BRAS.
RAID redundant array of independent disks
RRU See remote radio unit.
Remote Authentication Dial In User Service (RADIUS) A security service that authenticates and
authorizes dial-up users and is a centralized access control mechanism. As a distributed
server/client system, RADIUS provides the AAA function.
rack server A server that adopts the rack architecture. The architecture complies with the device
architecture standards of the telecommunication room, that is, a device is 19-inch wide
and its height is in the unit of U.
remote radio unit (RRU) A module of the distributed base station. It performs the IF
processing (digital I/Q modulation/demodulation, frequency up-/down-conversion, and DA/AD
conversion) of the signals, RF processing, and duplex.
report template A collection of report styles pre-defined by the report system. The report styles
include the report content, layout, data source, and generation conditions of the
statistics.
rights- and domain-based management A function of the NMS for authority management. With this
function, you can:
- Partition and control the management authority.
- Manage device nodes and service data by region.
- Grant different management and operation rights to users for different regions.
S
SAN See storage area network.
SAS serial attached SCSI
SATA Serial Advanced Technology Attachment
SCTP See Stream Control Transmission Protocol.
SFTP See Secure File Transfer Protocol.
SIP Session Initiation Protocol
SLA See service level agreement.
SMI structure of management information
SNMP See Simple Network Management Protocol.
SQL See structured query language.
SSH See Secure Shell.
SSID service set identifier
SSL See Secure Sockets Layer.
STelnet Secure Shell Telnet
Secure File Transfer Protocol (SFTP) A network protocol designed to provide secure file
transfer over SSH.
Secure Shell (SSH) A set of standards and an associated network protocol that allows establishing a secure
channel between a local and a remote computer. A feature to protect information and
provide powerful authentication function for a network when a user logs in to the
network through an insecure network. It prevents IP addresses from being deceived
and simple passwords from being captured.
Secure Sockets Layer (SSL) A security protocol that works at a socket level. This layer exists
between the TCP layer and the application layer to encrypt/decode data and authenticate
concerned entities.
Simple Network Management Protocol (SNMP) A network management protocol of TCP/IP. It enables
remote users to view and modify the management information of a network element. This protocol
ensures the transmission of management information between any two points. The polling
mechanism is adopted to provide basic function sets. According to SNMP, agents,
which can be hardware as well as software, can monitor the activities of various
devices on the network and report these activities to the network console workstation.
Control information about each device is maintained by a management information
block.
Stream Control Transmission Protocol (SCTP) A transport layer protocol used between the SCTP
user application and a connectionless packet network. In the SIGTRAN protocol stack, the
upper-layer user of SCTP is the adaptation module of the SCN signaling, for example, M2UA and
M3UA, and the lower layer of SCTP is the IP network. The SCTP protocol delivers
the higher reliability, optimum real-time performance, and multi-homing feature for
signaling transmission.
security Protection of a computer system and its data from harm or loss. A major focus of
computer security, especially on systems accessed by many people or through
communication lines, is preventing system access by unauthorized individuals.
service level agreement (SLA) A service agreement between a customer and a service provider.
SLA specifies the service level for a customer. The customer can be a user organization
(source domain) or another differentiated services domain (upstream domain). An SLA may include
traffic conditioning rules which constitute a traffic conditioning agreement as a whole
or partially.
signaling tracing An operation performed to trace messages, the connection process of a signaling link
on a port, and service processes in real time. The traced messages can be stored
automatically for check. The signaling tracing function provides a basis for rectifying
faults.
software distribution A mechanism for distributing applications and files to implement batch transfer of
files and applications and automatic installation of applications.
software source The installation media and configuration files used for deploying software.
storage area network (SAN) An architecture to attach remote computer storage devices such as
disk array controllers, tape libraries and CD arrays to servers in such a way that to the
operating system the devices appear as locally attached devices.
structured query language (SQL) A programming language widely used for accessing, updating,
managing, and querying data in a relational database.
subnet An abbreviation for subnetwork. A type of smaller networks that form a larger
network according to a rule, for example, according to different districts. This
facilitates the management of the large network.
T
TCP See Transmission Control Protocol.
TCP/IP Transmission Control Protocol/Internet Protocol
TFTP See Trivial File Transfer Protocol.
TLS Transport Layer Security
Transmission Control Protocol (TCP) The protocol within TCP/IP that governs the breakup of
data messages into packets to be sent using Internet Protocol (IP), and the reassembly and
verification of the complete messages from packets received by IP. A connection-oriented,
reliable protocol (reliable in the sense of ensuring error-free delivery), TCP corresponds to
the transport layer in the ISO/OSI reference model.
Trivial File Transfer Protocol (TFTP) A small and simple alternative to FTP for transferring
files. TFTP is intended for applications that do not need complex interactions between the
client and server. TFTP restricts operations to simple file transfers and does not provide
authentication.
telepresence The Huawei telepresence system provides users a comfortable videoconferencing
environment in which they can have true-to-life and face to face remote conferences.
threshold A limitation on an amount, scale, or level. Changes will occur when a threshold is
reached.
threshold alarm The alarm occurs when the monitored value exceeds the threshold.
topology object A basic element in the NMS topology view, which includes submap, node, connection,
and so on.
traffic statistics An activity of measuring and collecting statistics of various data on devices and
telecommunications networks. With the statistics, operators can be aware of the
operating status, signaling, users, system resource usage of the devices or networks.
The statistics also help the operators manage the device operating, locate problems,
monitor and maintain the networks, and plan the networks.
U
UC See unified communications.
UDP See User Datagram Protocol.
UNI See user-to-network interface.
UPS uninterruptible power supply
URL See uniform resource locator.
User Datagram Protocol (UDP) A TCP/IP standard protocol that allows an application program on
one device to send a datagram to an application program on another. UDP uses IP to deliver
datagrams. UDP provides application programs with the unreliable connectionless packet delivery
service. That is, UDP messages may be lost, duplicated, delayed, or delivered out of
order. The destination device does not actively confirm whether the correct data
packet is received.
unified communications (UC) A service that is not limited by the device-and-network-centered
communication method (for example, email, instant short message, telephone, and multimedia
conference) and uses advanced technologies to enable users to communicate with their
colleagues, customers, and cooperation partners conveniently and effectively by using
most common communication tools and applications.
uniform resource locator (URL) An address that uniquely identifies a location on the Internet.
A URL is usually preceded by http://, as in http://www.microsoft.com. A URL can contain more
details, such as the name of a hypertext page, often with the file name extension .html or .htm.
user-to-network interface (UNI) The interface between user equipment and private or public
network equipment (for example, ATM switches).
V
VAP See virtual access point.
VLAN virtual local area network
VM See virtual machine.
VPN virtual private network
VTM See Virtual Teller Machine.
Virtual Teller Machine (VTM) Self-service banking terminal that enables customers to process
banking services independently or with remote assistance from tellers.
version file Includes the version software, patches, licenses, configuration data, and logs.
virtual NE An object similar to a common NE and is also displayed with an icon on a view. A
virtual NE, however, is only an NE simulated according to the practical situation,
which does not represent an actual NE. Therefore, the actual status of this NE cannot
be queried and its alarm status cannot be displayed with colors. Usually, a virtual NE
provides the trail management function for the NEs or subnetworks that the NMS
cannot manage, or provides the end-to-end service configuration method and the trail
management capability when the equipment is interconnected with third-party NEs.
virtual access point (VAP) UVPCenter or vCenter for providing a centralized extensible
platform for managing the virtualized infrastructures.
- Centrally controls virtualized infrastructures.
- Provides automatic resource scheduling and high availability to improve cluster
security and availability.
virtual link The logical connection between topological objects in the NMS topology view.
virtual machine (VM) A software simulation of a complete computer system, which runs in an independent
environment and provides all hardware system functions. A physical machine can be
virtualized as multiple VMs based on application requirements, which allows multiple
operating systems to run on the same physical machine. Each operating system can be
virtually partitioned and configured, and users can switch between operating systems.
W
WAN wide area network
WLAN See wireless local area network.
WebUI web user interface
Wi-Fi See Wireless Fidelity.
Wireless Fidelity (Wi-Fi) A short-distance wireless transmission technology. It enables
wireless access to the Internet within a range of hundreds of feet.
whitelist A list or register of items that, for one reason or another, are being provided a
particular privilege, service, mobility, access or recognition.
wireless local area network (WLAN) A hybrid of the computer network and the wireless
communication technology. It uses wireless multiple address channels as transmission media and
carries out data interaction through electromagnetic wave to implement the functions of the
traditional LAN.
X
XML See Extensible Markup Language.