Bsap Communications Application Programmer S Reference en 132716

eSight
V300R005C00
Product Description
Issue 03
Date 2016-05-30
HUAWEI TECHNOLOGIES CO., LTD.

Copyright © Huawei Technologies Co., Ltd. 2016. All rights reserved.
No part of this document may be reproduced or transmitted in any form or by any means without prior written
consent of Huawei Technologies Co., Ltd.
Trademarks and Permissions
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective
holders.
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and the
customer. All or part of the products, services and features described in this document may not be within the
purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information,
and recommendations in this document are provided "AS IS" without warranties, guarantees or
representations of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute a warranty of any kind, express or implied.
Huawei Technologies Co., Ltd.

Address: Huawei Industrial Base
Bantian, Longgang
Shenzhen 518129
People's Republic of China
Website: http://e.huawei.com
Issue 03 (2016-05-30) Huawei Proprietary and Confidential i

Copyright © Huawei Technologies Co., Ltd.
eSight
Product Description About This Document
About This Document
Purpose
This document describes the product positioning, architecture, functions, and applications of
eSight and provides configuration requirements and technical counters for eSight.
This document helps you understand eSight functions and basic operations.
Intended Audience
This document is intended for:
l Huawei pre-sales engineers

l Huawei technical support engineers
l Partner pre-sales engineers
l Partner technical support engineers
l Enterprise pre-sales engineers
l Enterprise administrators
Symbol Conventions
The symbols that may be found in this document are defined as follows.
Symbol Description
Indicates an imminently hazardous situation which, if not

avoided, will result in death or serious injury.
Indicates a potentially hazardous situation which, if not

avoided, could result in death or serious injury.

avoided, may result in minor or moderate injury.
Issue 03 (2016-05-30) Huawei Proprietary and Confidential ii

eSight
Product Description About This Document
Symbol Description

avoided, could result in equipment damage, data loss,
performance deterioration, or unanticipated results.
NOTICE is used to address practices not related to personal
injury.
Calls attention to important information, best practices and

tips.
NOTE is used to address information not related to personal
injury, equipment damage, and environment deterioration.
Change History
Changes between document issues are cumulative. The latest document issue contains all the
changes made in earlier issues.
Issue 03 (2016-05-30)
This issue is the third official release which incorporates the following changes:
l Updated 5 Configuration.
Updates in Issue 02 (2016-03-30)

This issue is the second official release, which incorporates the following changes:
l Updated 2.11 Hierarchical Network Management.
l Added 2.24 Custom Device Management.
l Updated 5 Configuration.
Updates in Issue 01 (2015-12-30)

This issue is the first official release.
Issue 03 (2016-05-30) Huawei Proprietary and Confidential iii

eSight
Product Description Contents
Contents
About This Document.....................................................................................................................ii

1 Product Positioning and Features...............................................................................................1
1.1 Positioning...................................................................................................................................................................... 2
1.2 Product Features............................................................................................................................................................. 2
2 Functions and Features................................................................................................................. 4

2.1 Security Management..................................................................................................................................................... 6
2.2 Resource Management................................................................................................................................................. 12
2.3 Alarm Management...................................................................................................................................................... 15
2.4 Performance Management............................................................................................................................................ 17
2.5 Topology Management................................................................................................................................................. 21
2.6 View Display on Home Pages...................................................................................................................................... 37
2.7 Big Screen Monitoring................................................................................................................................................. 38
2.8 Log Management.......................................................................................................................................................... 38
2.9 License Management.................................................................................................................................................... 39
2.10 Database Overflow Dump.......................................................................................................................................... 39
2.11 Hierarchical Network Management............................................................................................................................40
2.12 Two-Node Cluster System..........................................................................................................................................43
2.13 Maintenance Tool....................................................................................................................................................... 43
2.14 Report Management................................................................................................................................................... 44
2.14.1 Network Report....................................................................................................................................................... 45
2.14.2 Storage Report......................................................................................................................................................... 46
2.14.3 Resource Report...................................................................................................................................................... 47
2.15 Network Management................................................................................................................................................ 47
2.15.1 IP Topology Management........................................................................................................................................47
2.15.2 Link Management....................................................................................................................................................48
2.15.3 Single NE Management...........................................................................................................................................49
2.15.4 Terminal Resources................................................................................................................................................. 49
2.15.5 VLAN Management................................................................................................................................................ 52
2.15.6 Smart Configuration Tool........................................................................................................................................ 55
2.15.7 Configuration File Management..............................................................................................................................57
2.15.8 MIB Management....................................................................................................................................................59
2.15.9 Device Software Management.................................................................................................................................59
Issue 03 (2016-05-30) Huawei Proprietary and Confidential iv

eSight
2.15.10 WLAN Management............................................................................................................................................. 62

2.15.11 SLA Management.................................................................................................................................................. 78
2.15.12 iPCA Management................................................................................................................................................ 85
2.15.13 QoS Management.................................................................................................................................................. 88
2.15.14 Network Traffic Analysis...................................................................................................................................... 89
2.15.15 IPSec VPN Management....................................................................................................................................... 98
2.15.16 BGP/MPLS VPN Management........................................................................................................................... 105
2.15.17 BGP/MPLS Tunnel Management........................................................................................................................108
2.15.18 Secure Center Management................................................................................................................................. 111
2.15.19 LogCenter Management...................................................................................................................................... 154
2.15.20 SVF Management................................................................................................................................................ 155
2.15.21 Zero Touch Provisioning..................................................................................................................................... 157
2.15.22 eSight Mobile Management.................................................................................................................................161
2.15.22.1 Device 3D......................................................................................................................................................... 161
2.15.22.2 Region Monitor.................................................................................................................................................164
2.15.22.3 360-Degree WLAN Monitoring....................................................................................................................... 166
2.15.22.4 Terminal Diagnosis...........................................................................................................................................169
2.15.22.5 Homepage Picture Customization.................................................................................................................... 170
2.15.22.6 Zero Touch Provisioning.................................................................................................................................. 171
2.15.22.7 SDK.................................................................................................................................................................. 178
2.15.22.8 iPCA................................................................................................................................................................. 178
2.15.23 PON Management............................................................................................................................................... 185
2.15.24 AR Voice Management........................................................................................................................................186
2.16 Storage Management................................................................................................................................................ 187
2.16.1 Storage Device Management.................................................................................................................................187
2.16.2 Storage Capacity Management.............................................................................................................................. 192
2.16.3 Batch Storage Allocation.......................................................................................................................................193
2.17 Server Management.................................................................................................................................................. 195
2.17.1 Device Management.............................................................................................................................................. 195
2.17.2 Server Stateless Computing Management............................................................................................................. 197
2.17.3 Server Deployment Management.......................................................................................................................... 200
2.17.4 Firmware Version Management.............................................................................................................................201
2.18 Virtual Resource Management................................................................................................................................. 201
2.19 Application Management......................................................................................................................................... 204
2.20 Infrastructure Management.......................................................................................................................................208
2.21 Collaboration Management.......................................................................................................................................211
2.21.1 Unified Communications Management................................................................................................................. 211
2.21.1.1 IP PBX Management.......................................................................................................................................... 211
2.21.1.2 U2900 Management........................................................................................................................................... 214
2.21.1.3 USM Management..............................................................................................................................................216
2.21.1.4 IAD Management............................................................................................................................................... 216
2.21.1.5 UAP3300 Management...................................................................................................................................... 218
Issue 03 (2016-05-30) Huawei Proprietary and Confidential v

eSight
2.21.1.6 UC Application Management............................................................................................................................. 219

2.21.1.7 CC Application Management............................................................................................................................. 219
2.21.1.8 VTM Device Management................................................................................................................................. 220
2.21.1.9 EC Outsourced Device Management................................................................................................................. 221
2.21.2 Telepresence Meeting Management...................................................................................................................... 221
2.21.2.1 Telepresence Device Management..................................................................................................................... 221
2.21.3 Video Surveillance Management...........................................................................................................................223
2.21.3.1 IVS Application Management............................................................................................................................ 223
2.21.3.2 IVS Data Analysis.............................................................................................................................................. 224
2.21.4 IP Phone Management...........................................................................................................................................225
2.21.5 Database Application Management.......................................................................................................................227
2.22 eIMS Management................................................................................................................................................... 228
2.23 eLTE Management....................................................................................................................................................229
2.23.1 eLTE CPE Management........................................................................................................................................ 229
2.23.2 eLTE eNodeB Management...................................................................................................................................231
2.23.3 eLTE eCNS Management...................................................................................................................................... 233
2.23.4 eLTE Service Channel Diagnosis.......................................................................................................................... 234
2.24 Custom Device Management....................................................................................................................................234
2.25 Integration Capability............................................................................................................................................... 236
3 Deployment Mode.....................................................................................................................237
3.1 Standalone Mode........................................................................................................................................................ 238
3.2 Distributed Deployment Mode................................................................................................................................... 238
3.3 Two-Node Cluster Deployment Mode........................................................................................................................240
4 Networking Mode..................................................................................................................... 242

4.1 eSight and Device Networking...................................................................................................................................243
4.2 eSight and OSS Integration........................................................................................................................................ 244
4.3 eSight Hierarchical Networking................................................................................................................................. 245
5 Configuration............................................................................................................................. 246
5.1 Hardware and Software Requirements....................................................................................................................... 247
5.2 Client Configuration Requirements............................................................................................................................253
5.3 Network Bandwidth Requirements............................................................................................................................ 253
6 Technical Specifications...........................................................................................................255
6.1 Technical Counters for Basic Management................................................................................................................256
6.2 Technical Counters for Management Capacity...........................................................................................................256
7 Standard and Protocol Compliance....................................................................................... 259

A Glossary......................................................................................................................................260
Issue 03 (2016-05-30) Huawei Proprietary and Confidential vi

eSight
Product Description 1 Product Positioning and Features
1 Product Positioning and Features
About This Chapter
1.1 Positioning
1.2 Product Features
Issue 03 (2016-05-30) Huawei Proprietary and Confidential 1

eSight
1.1 Positioning
The eSight system is a new-generation comprehensive operation and maintenance solution
developed by Huawei for the network infrastructure, Unified Communications (UC),
telepresence conferencing, video surveillance, and data center in enterprises. eSight centrally
manages servers, storage devices, virtualization, switches, routers, WLAN, firewalls, eLTE
CPEs, eNodeBs, eCNSs, equipment room facilities, UC, eIMS devices, telepresence, video
surveillance, and application systems. eSight enables automatic deployment, visualized fault
diagnosis, and intelligent capacity analysis for enterprise ICT devices. With these functions,
eSight effectively helps enterprises improve O&M efficiency and resource usage while
reducing O&M costs, ensuring the reliable operation of ICT systems.
1.2 Product Features

Unified Network-wide Device Management
l eSight centrally manages servers, storage devices, virtualization, switches, routers,
WLAN, firewalls, eLTE CPEs, eNodeBs, eCNSs, equipment room facilities, UC, eIMS
devices, telepresence, video surveillance, and application systems.
l Pre-integrates management capabilities over devices from non-Huawei vendors, such as
HP, Cisco, and H3C.
l Supports visualized wizard-based custom access of devices that are not pre-integrated.
Multiple Service Management Components

Depending on the component-based design, eSight offers a diversity of components for users
to choose. The following figure shows the eSight component-based architecture.

eSight
Multiple Editions Catering for Differentiated Needs

To serve enterprise customers with different needs, eSight is classified into Standard and
Professional editions, as described in the following table.
Edition Management Function
Capability
eSight 5000 NEs This edition manages a wide array of network

Standard devices and supports various service components that
can be selected based on the site requirements.
eSight 20000 NEs In addition to providing all functions of the Standard

Professional Edition, this edition provides enhanced management
capabilities and enables a Linux two-node cluster
system to support two-node hot backup.
Independent NE Adaptation Capability

eSight provides an extension point mechanism, which allows incremental development of
functions and NE version adaptation packages. New functions and NE adaptation packages
can be added without changing code in earlier release packages. To add new functions,
develop new function plug-in packages and deploy them in eSight. To manage new devices,
simply add new NE adaptation packages.
Lightweight Web-based Client

eSight uses the B/S structure that does not require any plug-in, and can be accessed anytime,
anywhere. eSight can be upgraded or maintained by updating the software on the server,
reducing the total cost of ownership (TCO).
High Scalability
eSight provides an extension point mechanism, which allows incremental development of
functions and NE version adaptation packages. New functions and NE adaptation packages
can be added without changing code in earlier release packages. To add new functions,
develop new function plug-in packages and deploy them in eSight. To manage new devices,
simply add new NE adaptation packages.

eSight
Product Description 2 Functions and Features
2 Functions and Features
About This Chapter
2.1 Security Management

2.2 Resource Management
Resource management involves adding NEs and subnets, and managing NEs and subnets.
2.3 Alarm Management
When an exception occurs on a network, the eSight needs to notify maintenance engineers in
a timely manner so that they can recover the network quickly.
2.4 Performance Management
The performance of a network may deteriorate because of internal or external factors and
faults may occur. To achieve good network performance for live networks and future
networks while controlling costs, network planning and monitoring are necessary. In addition,
network efficiency such as throughput rate and resource usage needs to be measured. The
performance management function enables you to detect the deteriorating tendency in
advance and solve the potential threats so that faults can be prevented.
2.5 Topology Management
2.6 View Display on Home Pages
2.7 Big Screen Monitoring
2.8 Log Management
eSight logs record important user operations. You can view the log list or details about a log,
or export operation logs, operation logs, or system logs. The eSight provides information
about logs with three levels (warning, minor, and critical).
2.9 License Management
2.10 Database Overflow Dump
eSight provides the database overflow dump function to ensure sufficient database space.
eSight checks the database space every day for modules that have a large amount of data. If
data overflow occurs, eSight automatically dumps data to the specified path.
2.11 Hierarchical Network Management

eSight
eSight supports hierarchical network management, enabling an upper-layer NMS to centrally

monitor lower-layer NMSs and perform integrated O&M. An upper-layer NMS can manage a
maximum of 500 lower-layer NMSs.
2.12 Two-Node Cluster System
2.13 Maintenance Tool
2.14 Report Management
2.15 Network Management
2.16 Storage Management
2.17 Server Management
2.18 Virtual Resource Management
2.19 Application Management
2.20 Infrastructure Management
2.21 Collaboration Management
2.22 eIMS Management
2.23 eLTE Management
2.24 Custom Device Management
eSight allows users to manage custom devices from a variety of vendors, as long as the
devices support the SNMP, IPMI, or SMI-S protocol. The custom device management module
allows users to manage device types, performance indicators, alarm parameters, Telnet
customization, and configuration files; and customize the device panel to enhance the
management of basic device capabilities.
2.25 Integration Capability

eSight
2.1 Security Management

eSight provides security mechanisms in terms of system, network, data, and O&M.
Security Description Security Policies

Mechani
sm
System The system security Patch policies, security hardening policies,

security mechanism ensures that password policies, authentication and
the operating system, authorization, data encryption, security logs,
database, and minimum permission rule, and file property
middleware are running management.
properly to support
normal application
operation.
Network The network security l Routers are deployed to separate local area
security mechanism ensures that networks from external networks, enhancing
the switches, routers, data communication security.
and firewalls are l A network firewall is configured for the eSight,
running properly. ensuring network security.
l Rights accessible to external systems are
controlled and managed.
Data The data security l Encryption policies define encrypted storage

security mechanism ensures and transmission of sensitive data.
storage, transmission, l User management policies specify minimum
and management authorization.
security of user
information, system l Backup and restore policies ensure important
configuration data backup.
information, run l Data storage security supports switchover of the
operations, and HA system to recover system running in a
database data. timely manner.

eSight
Security Description Security Policies

Mechani
sm
O&M The O&M security l Access mechanism by group and permission

security mechanism provides l Access control policies: Access control policies
security for users, include password policies, login lock and
applications, and audits. unlock, and authentication policies.
l Log audit: Logs consist of security logs,
operation logs, and system logs.
l Automatic client logout mechanism.
l Application security mechanism: The eSight
provides password and identity authentication.
The system encrypts and stores sensitive user
information using a strong data encryption
algorithm. The system assigns a password to
each user, and verifies the user password when
providing services. This ensures user
information security.
Security management includes user management, role management (authorization

management, that is, rights- and domain-based management), user login management, and a
series of other security policies. The security solution of eSight is further improved by log
management (user login, operation, and system logs) and database backup.
Figure 2-1 shows the implementation mechanism of eSight security management.
Figure 2-1 Security management overview

eSight
NOTE
This topic focuses on eSight user security.

l For details about log management, see section 2.8 Log Management.
l For details about database backup and restore, see section 2.13 Maintenance Tool.
User Management
To successfully log in to an eSight client and perform maintenance and management
operations, users must obtain a correct user name and password. eSight uses unique user
names and passwords to determine login and operation rights of users.
eSight user passwords are stored in the database and encrypted using SHA256, an irreversible
encryption algorithm. A newly installed eSight system provides only one default user admin
who has all operation and management rights. Other users are directly or indirectly created by
the admin user. The admin user has all operation and management rights. The admin user
can create other users.
User attributes include the user name, password, role, description, and access control. Users
inherit operation and management rights of their roles. Access control limits the time and IP
addresses available for users to log in to eSight, which ensures eSight access security.
eSight provides the following user management functions:
l Creating users: Users can be created one by one or in batches.

l Deleting users
l Querying and modifying user attributes
l Changing user passwords
– Resetting a password
When forgetting the password for logging in to eSight, users can contact an
administrator to reset the password. After the password is reset, users can use a new
password to log in to eSight.
NOTE
The password for the admin user cannot be reset.

– Changing the password of the current user
Users can change their own password on eSight. To ensure user information
security, periodically change user passwords.
l Enabling and disabling users
A user account is automatically disabled if it is unused within the period specified in the
account policy. The user account can also be manually disabled if it is not needed.
A disabled user account can be enabled if needed.
Role Management (Rights- and Domain-based Management)

Each role is a set of rights. If a user needs certain rights, the corresponding role must be
granted to it. Role management makes user rights management easier. After an eSight user is
planned, a role needs to be granted to it so that the new user has sufficient rights to manage
devices.
Roles can be created, modified, and deleted on eSight. Their attributes can be queried.

eSight
eSight provides one default role Administrators who has operation rights for all managed
objects and cannot be modified.
Role attributes include the role name, user, managed object operation, and description.
l Managed object: This attribute specifies the objects and range of configuration data that
can be managed by a role. If role A cannot manage device C or object group D, the
topology view hides device C and devices in object group D from users in role A. An
object group is a group of devices. Object groups can be created, modified, and deleted
on eSight.
l Operation: This attribute specifies the operations that can be performed by a role.
Operation rights for a device may be assigned to different roles. Therefore, different
roles have different operation rights for the same device.
eSight achieves rights- and domain-based management by providing the managed object and
operation attributes: Users in the Administrators role or with the user management rights can
assign managed objects and operations to other users.
l Domain-based management is the operation of assigning different managed objects to
different roles. This function allows engineers from different O&M departments to
manage different network objects.
l Rights-based management is the operation of assigning different operations to different
roles. Rights-based management and domain-based management together allow
engineers with different duties (at different positions or from different O&M
departments) to perform different operations on managed objects in the same area.
Rights- and domain-based management unifies device and function management. Specifically,
managed objects are assigned based on devices; operation rights are assigned based on
functions on devices.
User Authentication
eSight uses three modes to authenticate users: local authentication, Remote Authentication
Dial In User Service (RADIUS) authentication, and Lightweight Directory Access Protocol
(LDAP) authentication.
l Local authentication: User management, authentication, and security policies are all
controlled by the eSight server. The eSight uses this mode by default. For details about
this mode, see section Local Authentication.
l RADIUS authentication: When a user logs in, eSight verifies and authenticates the login
request through the RADIUS server, finds the role of the user based on the user group
obtained from the RADIUS server, and authorizes the user. For details, see RADIUS
Authentication.
l LDAP authentication: When a user logs in, eSight verifies and authenticates the login
request through the LDAP server, finds the role of the user based on the user group
obtained from the LDAP server, and authorizes the user. LDAP authentication is similar
to RADIUS authentication except that the two modes use different authentication
protocols. For details, see LDAP Authentication.
Local Authentication
In the local authentication mode, user security management ensures the security of eSight on
multiple levels, including the local user management, rights management, password policy,
account policy, login control, and automatic client logout. Password and account policies,
after being configured, take effect on all eSight users.

eSight
l Password policy
– Minimum password length (8 characters by default)
– Maximum attempts to enter the password the same as old passwords (3 attempts by
default)
– Maximum number of occurrences of a character in a password (3 times by default)
– Minimum time interval between password change attempts (5 minutes by default)
– At least one special character in a password (not limited by default)
– Password validity period, including the number of days (90 days by default) within
which a password is valid and the time (7 days by default) when the eSight sends a
warning before a password expires
l Account policy
– Minimum length of a user name (6 characters by default)
– Account invalidation: the number of days (60 days by default) within which an
account is inactive
– Account locking: the maximum number of failed login attempts (5 attempts by
default) within a certain period (10 minutes by default) before an account is
automatically locked (for 30 minutes by default)
l Login control: Login control includes time and IP address control.
– Time control specifies the time during which users can log in. Users cannot log in to
eSight beyond the specified time.
– IP address control specifies the IP addresses that the eSight clients can use to log in
to the eSight server. IP address control prevents those who steal user names and
passwords from logging in to the eSight server and therefore further enhances the
eSight security.
l Automatic client logout
To prevent other users from performing unauthorized operations, eSight allows users to
set the client to be automatically logged out. If a user does not perform any operations
within a specified period of time, the client is automatically logged out.
RADIUS Authentication
When RADIUS authentication is adopted, the administrator does not need to create a user
account on eSight in advance. The user account for logging in to eSight is an existing account
that can pass the authentication of the RADIUS server.
When a user enters the user name and password, the security process of the eSight server
sends the user name and password to the RADIUS server. If the user is authenticated by the
RADIUS server, the security process obtains the user group of the user from the RADIUS
server, finds the matched role on eSight, and authorizes the user.
NOTE
Before using the RADIUS authentication mode, ensure that the name of the role defined on eSight is the
same as that defined in the account database of the RADIUS server. In addition, ensure that the account
to be authorized is added to a user group.
For the RADIUS authentication process, see Figure 2-2.

eSight
Figure 2-2 RADIUS authentication
LDAP Authentication
As a distributed client/server system protocol, LDAP is used in the VPN and WAN to control
user access to the network and prevent unauthorized users from accessing the networks.
The LDAP authentication mode is similar to the RADIUS authentication mode, but they have
different authentication protocols. The LDAP authentication mode supports the following
features that are not supported by RADIUS authentication:
l Common mode (encryption-free), secure sockets layer (SSL) mode, and transport layer
security (TLS) mode for communication between eSight and LDAP servers.
l Multiple LDAP authentication servers.
For the LDAP authentication process, see Figure 2-3.

eSight
Figure 2-3 LDAP authentication
Session Management
l Querying online users
Online user information can be queried, including the user name, login time, and login IP
address.
l Logging out of users
When viewing online users, you can force an unauthorized user to log out. This prevents
the unauthorized user from performing unauthorized operations.
l Switching the user login mode
The user login mode specifies whether to allow multiple users to log in to the eSight client
concurrently. The multi-user mode is used in most cases. The single-user mode is used to
prevent interference from other users when a user needs to perform special operations on the
eSight server.
l In single user mode, eSight allows only the current user to log in to the eSight client, and
other all online users are forcibly logged out.
l After the current user exits the single user mode, other users can log in to the eSight
client again.
2.2 Resource Management

Resource management involves adding NEs and subnets, and managing NEs and subnets.
Adding NEs
NEs can be added by automatic discovery, singly, and in batches.

eSight
eSight supports SNMP, SNMP+Telnet/STelnet, HTTPS, IPMI, MML, REST, SMI-S, SOAP,
SSH, TLV, TR069, WMI protocols.
NOTE
SNMPv1 and SNMPv2c have security risks. SNMPv3 is recommended.

The Telnet protocol has security risks. STelnet is recommended.
l Automatically discovering NEs
Automatic discovery supports multiple protocols and discovery methods, and allows
users to configure and manage discovery tasks. NEs can be discovered in any of the
following ways:
– By network segment (simple): Discover and add devices within a specific IP
network segment based on configured SNMP information.
– By network segment (complex): Discover and add devices within a specific IP
network segment based on specified protocol information (SNMP or other
protocols).
– By ARP: Use the ARP table to automatically search for network devices that can be
managed.
– By routing: Use the device routing table to automatically search for network
devices that can be managed.
l Adding a single NE
This mode applies to the scenario in which you want to add a few NEs with IP addresses
and protocols available.
l Importing NEs
You can import a file containing NE information (IP address and protocol) to add NEs in
batches, greatly improving work efficiency. In this mode, both online and offline devices
can be added.
Device and Subnet Management

eSight provides the following functions to manage devices and subnets:
l Query devices or subnets.

You can set the search criteria to query required devices or subnets.
l Create, modify, and delete subnets.
– You can create a subnet and add devices to the subnet for management ease.
– When subnet information changes, you can modify subnet attributes.
– If eSight does not need to manage some subnets due to the network topology
change, you can delete unnecessary subnets.
l View subnet information.
You can view the basic subnet information.
l View device information.
You can view the basic information and protocol information about devices.
l Adjust the subnet to which a device or a subnet belongs.
When the network topology changes, you can adjust the subnet to which a device or a
subnet belongs based on the site requirements.

eSight
Group Management
1. Device Group
You can use the device group management function to classify devices to be maintained
and monitored into a group based on monitoring and O&M requirements.
– Scenario 1:
eSight needs to collect CPU and memory information from routers and switches. Routers
are backbone devices whose faults must be detected in a timely manner. Therefore, you
need to set the performance collection interval of routers to a value smaller than that of
switches. To achieve this purpose, you can use the predefined router group and switch
group to set the monitoring parameters.
– Scenario 2:
Devices in an area of a campus network are being upgraded. You can create a group by
device name and add all devices in the area to a group. Devices are named according to a
specified rule, for example, the device name contains the area ID. During the upgrade,
eSight can shield alarms reported by devices in the area.
eSight provides predefined groups by device type, such as Router and Switch.
You can define device groups by device name, type, subnet, manufacturer, IP address,
category, remarks, and asset owner.
After devices are added to eSight, eSight automatically classifies the devices into
predefined and user-defined groups.
2. Interface Group
You can use the interface group management function to classify device interfaces to be
maintained and monitored to groups based on monitoring and O&M requirements.
– Scenario 1:
A large number of device interfaces exist on a network. However, you need to monitor
interfaces that affect network maintenance only. In this case, you can use the predefined
linked interface group to collect traffic and performance data from linked interfaces only.
– Scenario 2:
Many users in a network area report that their network speed is slow and they frequently
go offline. In this case, you can create an interface group by interface alias or description
and add outbound interfaces of the area to the group. eSight monitors these interfaces
and collects data for analysis.
eSight has a predefined linked interface group.
You can define interface groups by device type, category, group, IP address, alias, name,
description, asset owner, link availability, interface rate, interface alias, interface name,
and interface management status.
After device interfaces are synchronized to eSight, eSight classifies the interfaces to
predefined and user-defined groups.
Device Resources
l View the following information about devices: name, IP address, type, software version,
vendor, synchronization time, maintenance time, launch date, repair and maintenance
expiration time, NE creation time, time zone, asset manager, asset number, purchase
date, and remarks.
l Import and export device resources and device information and determine whether to
manage NEs.

eSight
l Batch set SNMP, Telnet, and NetConf parameters; batch synchronize devices; batch
configure time zones; and batch move devices to subnets.
l Batch configure device remarks as well as repair and maintenance information.
l Query device entity data.
l View devices in the topology.
Global Search
eSight supports global search of devices, interfaces, and users by keyword. Search results
provide shortcut operations or links for alarms, performance, topology, and NE manager.
2.3 Alarm Management

When an exception occurs on a network, the eSight needs to notify maintenance engineers in
a timely manner so that they can recover the network quickly.
The eSight has the following alarm management functions:
l Monitoring network-wide alarms and remotely sending alarm notifications.

The eSight informs maintenance engineers of faults immediately after the faults occur,
ensuring troubleshooting in a timely manner.
l Masking alarms, and providing the alarm maintenance experience base.
These functions improve alarm handling accuracy and efficiency.
l Synchronizing alarms, which ensures reliable alarm management.
l Providing customized functions such as alarm filter and alarm severity redefinition to
meet requirements in various scenarios.
Faults, Alarms and Events

l Faults and alarms
An alarm is a message reported when a fault is detected. Not all faults result in alarms.
Only the faults that the system can detect result in alarms. The others do not result in
alarms, but they still persist.
l Alarms and events
– Similarity: Both alarms and events are the presence of anything that takes place on
the managed object detected by the eSight.
– Difference: An alarm is a message reported when a fault is detected by eSight. An
event is anything that takes place on managed objects. When an alarm is generated,
you need to troubleshoot the fault. Otherwise, the services may run abnormally. If
an event occurs, the managed object has changes but the service may not be
affected.
Alarm Reporting and Handling Flowchart

Figure 2-4 shows the alarm reporting and handling flowchart of the eSight.
The following sections describe eSight alarm functions based on the flowchart.

eSight
Figure 2-4 Alarm reporting and handling flowchart
Alarm Synchronization
After generating an alarm, a device reports the alarm to the eSight within less than 10s and the
eSight then displays the alarm in the alarm list. After communication between the eSight and
an NE recovers from an interruption, or the eSight is restarted, some alarms on the NE are not
reported to the eSight. The NE alarms on the eSight are different from the actual alarms on
the NE. In the case, you need to synchronize alarms to ensures that the eSight displays the
current operating status of the NE correctly.
Alarms are synchronized according to the following rules:
l If an alarm is cleared from an NE but remains uncleared on the eSight, the alarm will be
cleared from the eSight.
l If an alarm is present on an NE but absent on the eSight, the alarm will be added to the
eSight.
Alarm Severity Redefinition

The eSight allows users to redefine (increase or reduce) the severities of some device alarms
based on their actual concerns.
Alarm Masking
l Users can set alarm masking rules to mask unimportant alarms. Alarm masking rules
include the date, time, alarm source, and alarm name.
l While an NE is being repaired, tested, or deployed, the NE may report a large number of
alarms which can be ignored. In this case, you need to mask these alarms so that the
eSight neither displays nor saves them.
Network-Wide Alarm Monitoring

In traditional domain-based maintenance, cross-domain faults are manually handled, which is
inefficient. The eSight provides the network-wide alarm monitoring function that enables
users to learn the running status of the entire network. The eSight also provides the template-
based alarm filter function. Specifically, the eSight allows users to set alarm filter templates
with common filter criteria such as the location, type, and network layer of devices that
generate alarms. The templates facilitate alarm queries.
On the eSight, users can monitor alarms by severity or device.
l By severity: Users can monitor network-wide alarms of each severity. For details, see the
"Alarm Monitoring by Severity" section.

eSight
l By device: Users can view alarms of network-wide devices. For example, a user can
view all current alarms of a device or a type of device. For details, see the "Alarm
Monitoring by Device" section.
Alarm Monitoring by Severity

Alarms can be monitored by severity on the alarm panel and in the current-alarm list and by
alarm sound. Figure 2-5 shows the alarm panel.
Figure 2-5 Alarm panel
Table 2-1 Alarm monitoring by severity

Function Description
Alarm panel The alarm panel displays the total number of current alarms of
each severity on an MO. It provides an overall view of system
faults and can serve as the monitoring board.
Alarm sound Users can specify sounds for alarms of different severities. After
an alarm is generated, the sound box on an eSight client plays the
specified sound.
Current-alarm list Users can set filter criteria and enter keywords to search for alarms
that have not been acknowledged or cleared.
Alarm Monitoring by Device

Users can view alarms of network-wide devices. For example, a user can view all current
alarms of a device or a type of device. In the topology view, the device icons are color-coded
by the highest severity of alarms generated on the devices.
Remote Alarm Notification

Users can set rules for sending remote alarm or event notifications. After alarms or events that
match the rules are generated, the eSight sends them to specified recipients by short message
or email. This helps remote maintenance personnel learn the alarms or events in a timely
manner and take appropriate measures.
Users can customize the required notification template and recipient groups.
2.4 Performance Management

The performance of a network may deteriorate because of internal or external factors and
faults may occur. To achieve good network performance for live networks and future
networks while controlling costs, network planning and monitoring are necessary. In addition,
network efficiency such as throughput rate and resource usage needs to be measured. The
performance management function enables you to detect the deteriorating tendency in
advance and solve the potential threats so that faults can be prevented.

eSight
Performance Management Process

The eSight uses a graphical user interface (GUI) to monitor key network indicators and
display statistics on the collected performance data, as shown in Figure 2-6
Figure 2-6 Performance management process
eSight performance management includes an impressive array of functions, including counter

template management, collection task management, historical performance data query, real-
time performance data query, and performance counter collection status monitoring. The
following describes performance management modules.
Counter Template Management

Devices of the same type have the same counter attributes that can be specified in a counter
template. The counter template can be directly loaded to quickly set collection counters for
specified devices when you create a performance collection task.
The eSight offers the following counter template management functions:
l Add, delete, or modify counter templates.

l Set counters in counter templates (performance data to collect).
l Specify performance counter thresholds in counter templates. If a counter has met
threshold conditions for several consecutive times, an alarm is generated. You can
monitor the performance of specified resources through alarms.
Thresholds include the upper and lower limits for triggering and clearance. Threshold
alarms are classified into upper limit alarms and lower limit alarms.
Collection Task Management

The eSight allows you to manage performance data collection tasks. Collection tasks define
the devices and counters to collect performance data. After the counter data about a device is
collected, you can view historical performance data about the device.

eSight
By default, the eSight offers the following global collection tasks to collect performance data
about network-wide devices:
l Connect Status Monitor
l CPU Usage Monitor
l Memory Usage Monitor
l Packet Loss Rate Monitor
l Port Usage Monitor
l Response Time Monitor
You can customize the following information about global collection tasks:
l Start or stop a collection task.
l Change the collection interval.
l Check the counter collection status of devices.
The eSight also offers the following performance task management functions:
l Add, delete, start, stop, and modify performance collection tasks.
l View the counter collection status.
Performance Counter Collection Status Monitoring

After a performance collection task is created, you can regularly monitor the performance
counter collection status to rectify collection faults in a timely manner and ensure that the
collection task collects correct data for your query and analysis.
The eSight allows you to monitor the performance counter collection status by resource type
and collection task.
On the page where performance counter data is displayed, you can also view historical
performance data and check statistical diagrams about historical data.

eSight
Querying Real-Time Performance Data

You can query real-time performance data to monitor the running status of devices, which
enables you to take prompt measures in response to exceptions. For example, when a
threshold alarm (such as high CPU usage) is reported, you can check the real-time
performance data and determine whether an exception occurred.
The eSight displays real-time data in curve graphs.
l You can query real-time performance data by specifying search criteria.
l You can export query results as .csv files.
l This can be saved to the favorites folder. Users can directly perform real-time monitoring
after accessing the favorites folder.
Querying Historical Performance Data

After the eSight collects device performance data, you can query historical performance data
by counter and resource on the eSight client, which helps you keep abreast of the performance
trend and prevent fault occurrence.

eSight
Users can modify indicators on the historical data page. Users can drag the time slider to
change the time range of the curve in the chart. Users can also change the page layout and set
the quantity of columns (1, 2, or 3) to be displayed on the page.
Users can save indicator and layout configurations to the favorites folder, from which users
can directly display historical curves of specific indicators without entering the overview
page.
My Favorites
You can organize and manage your concerned data through the My Favorites function.
Overview data, historical performance data, and real-time performance data can be saved to
my favorites.
2.5 Topology Management

With topology management, managed NEs and their connection status are displayed in
topology views. You can browse a topology view to learn about the network architecture and
check the running status of devices on the entire network.

eSight
Table 2-2 Terms in topology management

Term Description
NE Core unit of topology management, which identifies managed devices. In a

topology view, different icons indicate different types of NEs.
Subnet Smaller network divided from a large network based on the region or device type
to simplify network management.
Link Physical or logical connection between devices.
Figure 2-7 Topology management page
Topology View
l The topology management page offers a tree structure on the left and a topology pane on
the right. Topology objects are organized hierarchically by layer.
l eSight allows you to zoom in or zoom out in a topology view. An aerial view is provided
to show you the entire topology structure.
l You can view the alarm status of devices and links.
l eSight can switch between bright and dark styles to display rich media tips.
l eSight offers rich media tips. eSight offers link labels to display the collected
performance data, such as interface traffic.
l eSight displays the parent and child relationships between MP-Group bound links and
monitors the link status.
l You can view network-wide VLAN information, allowed VLANs on both interfaces of a
link, and paths in a VLAN.

eSight
Figure 2-8 Display of rich media tips, interface performance with link label, and MP-Group
link binding relationship
Topology Operation
l In a topology view, you can: Zoom in or out the topology; export and print pictures; set a
background picture; view the topology in full screen or screen-adaptive mode; and return
to the previous page.
l Add connected physical devices in the topology, view device management information,
modify basic NE attributes as well as repair and maintenance information, set protocol
parameters, synchronize device data, move and delete nodes, and save locations.
Figure 2-9 Adding a device

eSight
Figure 2-10 Creating a subnet
Figure 2-11 Setting SNMP parameters
l Perform operations by means of right-click menus: You can right-click one or more
devices and links or right-click on a blank area in the topology to display the shortcut
menus.

eSight
Figure 2-12 Pop-up menu after right-clicking the blank area

eSight
Figure 2-13 Pop-up menu after right-clicking a single device
Figure 2-14 Pop-up menu after right-clicking multiple devices
l Provides a unified entry for topology display, allows users to specify general settings,
device labels, monitored performance data, such as interface traffic at two ends of links
and bandwidth usage, customize link filtering by the link type or status, adjust the link
color based on the interface bandwidth usage, and customize the link name and tips.

eSight
Figure 2-15 Unified entry for link display settings
Figure 2-16 Displaying collected interface performance data on links

eSight
Figure 2-17 Filtering links by the link type or status
Before the filtering:

eSight
After the filtering:

eSight
Figure 2-18 Automatically adjusting the link color based on the interface bandwidth
usage
l Users can flexibly set the device icon size and style and customize the link thickness and
style to define the device icon or link style for each specific operation and maintenance
scenario.

eSight
Figure 2-19 Modifying the device icon size
Figure 2-20 Batch defining the device icon style
l Users can customize topology layouts, including circular, star, symmetrical, up-and-
down tree, staggering, and network layer-based deployment.

eSight
Figure 2-21 Deployment by network layer
l Users can set the subnet background as the map, zoom in, zoom out, and move the map,
as well as set NE locations on the map.
Figure 2-22 Setting the subnet background as the map

eSight
Figure 2-23 Setting NE locations on the map
l eSight provides the NE mapping function to map NEs to different subnets, so users can
monitor the upper-layer egress devices in the same subnet view. Mapped NEs are marked
in dotted lines to be distinguished from other NEs.
Figure 2-24 Adding NE mappings

eSight
Figure 2-25 Mapping NEs to subnets
Figure 2-26 Deleting NE mappings
l Offer the following shortcut operations in the physical topology:
Table 2-3 Shortcut operations in the physical topology
No. Shortcuts Description
1 Ctrl+A Select all resources in the topology, including devices,

subnets, and links.
2 Ctrl+X Cut selected resources, including devices and subnets.
3 Ctrl+V Paste cut resources.
4 Ctrl+S Save the topology.

eSight
No. Shortcuts Description
5 Ctrl+R Refresh the topology or restore the last saved status for
the topology.
6 ESC Close the current window.
7 Alt+ Mouse Zoom in or out the topology.

wheel
l Double-click a device icon to enter the NE management page.
Topology Editing
Topology editing is an important topology operation, allowing users to visually edit the
system organization, description, and marks in the topology based on the site requirements.
Users can draw boxes, circles, and ovals, and enter text in the topology. Users can save
custom topologies, edit added figures and text, and cut, delete, and switch layers.
Figure 2-27 Topology editing capabilities
Display of Alarm Severity

The color of a node reflects the severity of the most severe alarm that the node is
experiencing. Update of such colors is real-time so you can handle emergencies promptly.
Shortcut Access to NE Management

l Connect physical devices, create subnets, and create links.
l Access the NE management page.
l Set SNMP and Telnet protocol parameters for one or more devices.
l Synchronize, refresh the status of, cut, copy, and delete one or more devices.
l Modify the basic as well as repair and maintenance information about devices.
l Customize device icon sizes and styles.

eSight
Browsing NE Performance Data

Users can view the CPU usage, memory usage, response time, unreachable ping ratio of the
NEs on the tips in the topology view, as shown in Figure 2-28.
Figure 2-28 Browsing NE performance data
Browsing Link's Historical Performance

Users can view historical performance of a link's transmit and receive rate from the link
historical performance menu in the topology view, as shown in Figure 2-29.
Figure 2-29 Browsing link's historical performance

eSight
Browsing VLAN Information

l Users can view network-wide VLAN information in the physical topology and query
data by the VLAN ID and description.
l eSight displays allowed VLANs on interfaces at both ends of a link by the link label.
l eSight can display allows paths in a VLAN, including devices in the VLAN, links
between the devices, and subnets. Blocking points on a loop for a certain VLAN are
displayed based on the MSTP-based calculation result. Devices and links in a non-
specified VLAN are displayed in semitransparent mode to be highlighted.
Figure 2-30 Browsing VLAN information
2.6 View Display on Home Pages

The eSight can use portlets on home pages to display key device data. This helps you monitor
device status, detect abnormal devices, and handle faults in a timely manner, which ensures
proper device running.
Home Page Management

l Creating a home page
The eSight provides only one default home page. You can create multiple home pages
and display portlet views that you concern on different home pages by type.
l Modifying a home page name
You can modify a home page name to re-identify the home page.
l Displaying a home page on the top
You can display a home page that you concern on the top.
l Deleting a home page
You can delete redundant home pages.
Portlet Management
Portlets are views that display devices and network-wide device status in lists, curves, and bar
charts. Portlets are displayed in areas of a home page.

eSight
l Creating a user-defined portlet

You can integrate third-party interfaces to the eSight home page to monitor them.
l Displaying and hiding a portlet
You can display only the portlets that you concern on a home page and hide those that
you do not concern.
l Manually updating portlet data or setting the period for updating portlet data
You can update monitoring data in real time.
l Zooming in on and zooming out of a portlet
You can zoom in on and out of a portlet as required.
2.7 Big Screen Monitoring

The eSight provides big screen monitoring. The eSight can display top N monitoring services,
such as alarms and topologies, in a big screen with a large resolution so that users can monitor
important information in a big screen and view the IT O&M effects.
The eSight support the following big screen monitoring functions:
l Provides colors and layouts that fit big screens.
l The big screen monitoring page provides portlets for the physical topology and user-
defined topologies.
l Provides portlets for monitoring top N alarms.
l Provides portlets for monitoring current-alarm statistics.
l Users can customize monitoring pages and adjust the big screen monitoring layouts.
2.8 Log Management

eSight logs record important user operations. You can view the log list or details about a log,
or export operation logs, operation logs, or system logs. The eSight provides information
about logs with three levels (warning, minor, and critical).
Security Log
Security logs record the security operations that are performed on the eSight client, such as
logging in to the server, changing passwords, creating users, and logging out of the server.
You can query security logs to understand the information about eSight security operations.
System Log
System logs record the events that occur on the eSight. For example, the eSight runs
abnormally, the network is faulty, and the eSight is attacked. System logs help analyze the
operating status of the eSight and rectify faults.
You can query system logs to understand the information about eSight system operations.
Operation Log
Operation logs record the operations that are performed on the eSight, such as adding a
monitoring view and modifying the resource manager.

eSight
You can query operation logs to understand the information about user operations.
2.9 License Management

License refers to the permission that the vendor grants for users with the eSight management
capacity, number of connected clients, and duration. License management involves querying
license information, obtaining an ESN, revoking a license, importing a license, and sending
license alarms.
The eSight has the following license management functions:
Querying License Information

You can query the license authorization and consumption information about the eSight client.
Obtaining an ESN
You can obtain an ESN from the eSight client. The ESN is required when you apply for a new
license.
Revoking a License
When the ESN changes or the network is adjusted, you can revoke the current license and use
the generated invalidity code to apply for a new license.
NOTE
Only the user with the Revoke License permission can revoke the current license.
A trial license cannot be revoked.
Importing a License File

You can import a new license file from the eSight client to the eSight server.
NOTE
Only the users with the Update License permission can import license files.
Sending License Alarms

When a license becomes abnormal, the system displays the license status and sends a license
alarm, which prevents service interruption due to license expiry.
2.10 Database Overflow Dump

eSight provides the database overflow dump function to ensure sufficient database space.
eSight checks the database space every day for modules that have a large amount of data. If
data overflow occurs, eSight automatically dumps data to the specified path.
Data overflow dump includes overflow dump for logs, alarms, performance data, SLA data,
NTA data, virtual resource data, config file manager data, and terminal access data.

eSight
2.11 Hierarchical Network Management

eSight supports hierarchical network management, enabling an upper-layer NMS to centrally
monitor lower-layer NMSs and perform integrated O&M. An upper-layer NMS can manage a
maximum of 500 lower-layer NMSs.
eSight automatically synchronizes resources from lower-layer NMSs to the upper-layer NMS
which has the following management functions: topology management, resource
management, alarm management, user authentication, and portal summary. Users can directly
jump to a lower-layer NMS from the upper-layer NMS, and perform further operations over a
specific managed object.
Unified Topology Management

The upper-layer NMS provides a unified topology management view to manage all the NEs in
lower-layer NMSs. Users can right-click an NE to check alarm and performance data, and
jump to the NE manager.
Figure 2-31 Unified topology management
Unified Resource Management

eSight automatically synchronizes resources from lower-layer NMSs to the upper-layer NMS,
and centrally displays the resources on the resource management page in the upper-layer
NMS, as shown in the figure below. On the resource management page, users can check
device running status, and jump to the NE manager in a lower-layer NMS for device
maintenance.

eSight
Figure 2-32 Unified topology management
Unified Alarm Management

The upper-layer NMS aggregates alarms from lower-layer NMSs, and displays concerned
alarms customized by users.
Users can acknowledge and clear alarms in the upper-layer NMS, and synchronize the results
to the lower-layer NMSs.
Figure 2-33 Unified alarm management
Network-wide Portal Aggregation

The upper-layer NMS provides network-wide alarms; displays key indicators such as top N
NE alarm statistics, lower-layer NMS topology, and lower-layer NMS list on the portal; and
allows users to click a link on the portal to jump to a lower-layer NMS for further operations
and management.

eSight
Figure 2-34 Network-wide portal aggregation
Unified User Authentication

By deploying the SSO Server and AAA authentication server, the upper-layer NMS provides
unified user management and SSO. After logging in to the upper-layer NMS, a user can
directly log in to a lower-layer NMS without entering the user name or password.
eSight provides extensive rights control capabilities. Only authorized upper-layer NMSs can
check lower-layer NMSs. Lower-layer NMSs cannot access the upper-layer NMS or the NMS
of the same level.
When upper-layer and lower-layer NMSs are disconnected, a lower-layer NMS can log in as a
secure survival account through the local SSO Server for local maintenance.
Figure 2-35 Unified user authentication

eSight
2.12 Two-Node Cluster System

The eSight high-availability system offers two-node cluster hot standby and switchover
functions. Software and hardware requirements for active and standby servers are the same.
The Veritas remote hot standby technology is used to synchronize data between active and
standby servers in real time, and dynamically monitor eSight running status. In case of a
hardware, operating system, or key application fault, eSight automatically switches services to
the standby server within 15 minutes.
Two-Node Cluster Deployment

Two-node cluster deployment involves the installation of the RAID disk partition tool, Linux
operating system, Veritas software, Oracle database, and eSight software. To reduce
installation complexity and improve installation efficiency, the Linux operating system can be
installed through a single mouse click. The Veritas software and Oracle database can be
installed jointly.
Two-Node Cluster Association

After the software is installed, associate active and standby servers.
Two-Node Cluster Disassociation

You can also disassociate active and standby servers.
2.13 Maintenance Tool

The eSight maintenance tool provides the system maintenance functions listed below.
System Monitoring
The maintenance tool allows you to view the memory status and CPU status of the server (if
installed on a physical server) or virtual machine (if installed on a virtual machine).
DB Password Management
The maintenance tool allows you to change the password of a common database user or a
default database user.
Operation Log
The maintenance tool allows you to query operation logs. The operation logs help you learn
about daily operations performed by the sys user.
Change Password
The maintenance tool allows you to change the password of the maintenance tool user sys. To
ensure security, you need to change the password periodically.

eSight
Starting and Stopping NMS Processes

The maintenance tool allows you to start and stop a local or remote NMS process or start a
daemon for it. A daemon automatically starts the process it protects when the process quits
unexpectedly.
Server Management
The maintenance tool allows you to manage NTA and WLAN servers.
Backup and Restoration

The maintenance tool allows you to back or restore configuration files and database data, or
configure a backup policy for automatic backup, Through automatic backup, eSight can
automatically back up the database and configuration files according to the backup policy.
Through immediate backup, eSight can immediately back up the database and configuration
files to the backup path of the backup policy. Through Manual Restoration, eSight can
manually restore eSight to the state before the backup to ensure the security of eSight.
2.14 Report Management

eSight Agile Reporter is a professional end-to-end data analysis and report display platform,
which provides data integration, report display, dashboard monitoring, self-service data
analysis, periodic reporting, and email notification functions. Users can check and compare
data from different dimensions to make correct decisions.
Analytical Agile Reporter

Analytical Agile Reporter uses the online analytical processing (OLAP) method, so that
analysis personnel can drag and drop required dimensions and measurements on the eSight
browser to generate reports. In addition, drilling down, rotating, and slicing operations are
supported for flexible display and summarization of service data. Agile Reporter allows users
to analyze service data from multiple dimensions, and displays query results using easy-to-
understand charts and tables. Functions of the multidimensional analytical Agile Reporter are
summarized as follows:
l Allows users to drag and drop measurements and dimensions on the pages to generate
reports.
l Supports value filtering and sorting, as well as flexible selection of search conditions.
l Provides quick chart-table conversion capability.
l Provides various calculation functions, such as year-on-year and month-on-month data
comparison, as well as average and sum calculation.
l Provides diversified report analysis capabilities, such as drilling down, rolling up,
slicing, and Top N sorting.
l Supports real-time updating of report data, that is, the system can automatically update
reports based the latest report format.
l Exports reports in PDF and Excel formats.
Service KPI Dashboard

Dashboard is a data visualization tool used to display to measurement data and key
performance indicator (KPI) status to enterprise users. It applies to scenarios such as service

eSight
KPI monitoring, data comparison, and correlation analysis. Dashboard has the following
advantages:
l Report data on the dashboard is updated in real time, and users can configure the
frequency at which report data is updated.
l Users can customize reports to be displayed on the dashboard.
l Association between reports is supported. When there is a dependency between report
data of different components, the association function allows users to analyze report data
comprehensively.
l Users can import created agile reports to the dashboard to view multiple reports on the
same page.
Periodic Report Task Management

eSight allows users to create a variety of periodical reports, including daily, weekly, monthly,
quarterly, semi-annual, and annual reports.
l Users can specify the time range of periodical reports.

l Users can configure rules for forwarding reporting via email.
l Users can enable and disable periodical report tasks.
2.14.1 Network Report

eSight presents performance and alarm analysis reports in multiple dimensions, helping users
perform analysis, optimization, and decision-making.
The following table lists pre-configured network reports.
Report Type Report Name
NE inventory Device Supplier Graphic Report
Port Usage Report
Device Category Graphic Report
Device Type Report
Performance Interface Traffic Performance Report
NE CPU and Memory Usage Report
Alarm Network Device Alarm Event Type Graphic Report
Network Device Alarm Distribution Graphic Report
Network Device Alarm Severity Report
TopN Device Alarm Severity Report
NE Connection Report
Interface Connection Report
Link Connection Report

eSight
Report Type Report Name
WLAN Resource AC Join Statistics Report
AC Traffic Statistics Report
AC User Trend Report
AP Interface Detail Report
AP Join Detail Report
AP Load Detail Report
AP Traffic Detail Report
Radio Detail Report
WLAN User Online Client Detail Report
Client Detail Report
Session Detail Report
WLAN Terminal Location Enter Rate Statistics Report
Enter User and Enter Rate Statistics Graphic Report
Total User and Enter User Statistics Graphic Report
Regular Customer Statistics Report
Regular Customer Trend Graphic Report
2.14.2 Storage Report

eSight presents performance and capacity analysis reports of storage devices, hosts, and VMs
from multiple dimensions, helping users analyze performance bottlenecks and work out
capacity plans.
The system pre-integrates block storage, file storage, and host performance and capacity
reports, facilitating regular
storage system performance and capacity checks.
l Default homepage: displays device statistics by region.
l Default capacity report: displays capacity data for each device.
l Top N capacity report: displays top N maximum/minimum capacity data for devices.
l Top N performance report: displays top N maximum/minimum performance data for
devices.
l Capacity trend prediction: displays the capacity trends of a single device in the past 24
hours, 7 days, and 30 days.

eSight
2.14.3 Resource Report

A resource report collects statistical information about added and total resources in terms of
time, region, type, and vendor, intuitively presenting the change tracks and status quo of
resource quantities.
eSight pre-configures the following resource reports:
l Number of added resources

l Resource statistics
2.15 Network Management
2.15.1 IP Topology Management

You can go to the IP topology management page to check the links between routing devices
and layer-2 network devices.
Table 2-4 Terms in IP topology management

Term Description
NE Core unit of topology management, which is used to identify managed

devices. In a topology view, different icons indicate different types of NEs.
IP subnet IP network subdivision identified by a subnet mask and a range of IP

addresses.
Link Physical or logical connection between devices.
Routing Network device with routing capabilities.

device
Layer-2 Network device running on the data link layer of an Open System
device Interconnection/Reference Model (OSI/RM) network.
Topology View
l The IP topology management page offers a tree structure on the left and a topology pane
on the right. Topology objects are organized hierarchically by subnet.
l eSight allows you to zoom in or zoom out in a topology view. Meanwhile, an aerial view
is provided for you to understand the entire topology structure.
l You can view the alarm status of devices and links. Detailed device or link information is
displayed in a tip when you bring focus to the device or link.
Operations in a Topology View

In a topology view, you can:
l Zoom in or zoom out.

eSight
l Export and print topology images and set a picture as the background of the topology
view.
l Move nodes and save their new positions.
l Use shortcut menus.
Display of Alarm Severities

The color of a node reflects the severity of the most severe alarm that the node is
experiencing. Update of such colors is real-time so you can respond to emergencies promptly.
Shortcut Access to NE Management

The topology view offers a shortcut menu for you to access the NE management page.
Interface IP Address Change History

You can view the interface IP address change history of an NE or the whole network.
2.15.2 Link Management

eSight automatically discovers links between devices, allows users to manually create link
connections, and displays the links in the topology view, implementing link management.
Users can monitor the link status to better understand the network topology and changes of
the monitored network.
Link Discovery
Currently, eSight supports automatic link discovery based on the MAC forwarding table,
interface IP address, LLDP, and CDP, and allows users to manually adjust links.
Display Rule
On the display rule page, you can select fields required for link name rules and tips rules. Tips
are displayed for links in the topology.
Link Hidden
The link hidden function applies to the following scenarios: You want to hide a link in the
physical topology and prevent it from being displayed during automatic and manual
discovery. An incorrect link exists in the topology and needs to be hidden.
After you hide a link in the physical topology or the link management page, the link is not
displayed on eSight. If you want a hidden link to be displayed, click View Hidden Link on
the link management page and restore the link.
Link Deletion
The link deletion function deletes link data from eSight. After eSight discovers deleted links
again, the links can be displayed on eSight.

eSight
2.15.3 Single NE Management

Functions
View
l Basic Information: provides an overview of NE management, including basic
information about an NE, KPIs, top N alarms, and interface traffic.
l Device Panel: displays an NE in graphics.
l Alarm List: displays an NE's active alarms.
l Performance Status: displays an NE's performance counters.
Device Config
l WEB NMS: displays the web management page provided by an NE.
l Interface Manager: lists an NE's interfaces and allows you to enable or disable an
interface and suppress or allow an alarm.
l IP Addresses: lists an NE's IP addresses.
l Configuration Files: allows you to view and back up an NE's configuration files.
Protocol Parameters
l Telnet Parameters: allows you to modify an NE's Telnet parameters.
l SNMP Parameters: allows you to modify an NE's SNMP parameters.
l NETCONF Parameters: allows you to modify an NE's NETCONF parameters.
(Supported by some NEs only.)
2.15.4 Terminal Resources

eSight provides detailed information about access terminals and offers a unified approach for
you to manage access terminals. eSight provides terminal access history, suspicious terminal
logs, unauthorized access management, and remote notification to allow network
administrators to obtain terminal access information in real time.

eSight
Terminals that have accessed the network can be discovered either by a manually conducted
immediate discovery or a periodically conducted automatic discovery.
Terminal Discovery Configuration

l Whether to parse terminal names.
l Whether to enable automatic discovery.
l Intervals of automatic discovery.
l Discovery scope, which applies to both immediate discovery and automatic discovery.
Figure 2-36 Terminal discovery settings
Whitelist
You can configure a whitelist that contains authorized IP addresses and MAC addresses.
When the configuration takes effect, eSight checks whether a discovered terminal is
authorized. If not, eSight records its details for you to acknowledge the unauthorized terminal.
Figure 2-37 Setting the whitelist
Access Binding Rule

You can configure Port-IP or Port-MAC rules to restrict access terminals under device ports.
Yon can also configure IP-MAC rules to restrict binding relationships between IP and MAC
addresses. eSight identifies terminals that break these rules as unauthorized terminals and
records detailed access information.

eSight
Figure 2-38 Access binding rule
Terminal Access Record

l View terminal access details and access history.
l View unauthorized access logs of terminals.
l Switch to the physical topology to locate the access devices of terminals.
l Switch from an access interface to the Interface Management page.
l Switch to the device panel to view the access interfaces of terminals.
l Configure terminal remarks.
Figure 2-39 Terminal access record
Suspicious Terminal Report

l Check invalid MAC addresses to detect unauthorized terminal access.
l Check duplicate MAC addresses to detect MAC address theft.
l Check duplicate IP addresses to detect IP address theft.
Figure 2-40 Suspicious terminal

eSight
Unauthorized Access
eSight detects unauthorized terminal access based on the IP and MAC address whitelists
configured. With unauthorized access management, you can:
l View unauthorized access logs and unauthorized terminal details.

l Export unauthorized terminal details.
l Acknowledge unauthorized terminals.
Figure 2-41 Unauthorized access record
Remote Notification
You can configure eSight to send an email notification upon detecting unauthorized terminal
access.
Figure 2-42 Remote notification
2.15.5 VLAN Management

The eSight VLAN Manager centrally manages and configures VLAN resources that have
been added to eSight. The eSight VLAN Manager offers an impressive array of functions,
including managing network-wide VLAN resources, delivering VLAN configurations to ports
on devices (delivering only PVID for Access-type ports; PVID and allowed VLANs for
Trunk-type ports; PVID, tagged VLANs, and untagged VLANs for Hybrid-type ports),
automatically computing paths to display device and link VLAN topologies, and providing
VLAN management for a single device.

eSight
VLAN Resource Management

eSight offers a unified entry to manage VLAN resources.
l You can search for VLAN resources by criteria, such as VLAN ID and VLANIF
interface existence.
l You can create VLANs in batches and deliver created VLANs to selected devices.
l You can delete VLANs. If the ID of the VLAN is the PVID of a port, the PVID of this
port will be restored to 1 after the VLAN is deleted.
Figure 2-43 VLAN resource management
VLAN Device Management

eSight offers a unified entry to manage VLAN devices.
l You can search for VLAN devices by subnet, device type, device name, and device IP
address.
l You can configure port VLANs and deliver the configurations to selected ports.
l You can go to the device management page to manage the VLAN of a single device.
Figure 2-44 VLAN device management

eSight
VLAN Topology
eSight offers a unified topology view of network-wide VLAN devices and links.
l You can check the device interface types and VLAN details about the two sides of a link,
and check VLAN packets that are allowed to pass on the link.
l You can search for devices and links by VLAN ID, and check devices and links that
allow the pass of a VLAN.
l You can directly add a device to or remove a device from a VLAN.
Figure 2-45 VLAN topology
Single-Device VLAN Management

You can manage VLAN resources on a single device on the device management page.
l You can create VLANs on and delete VLANs from a single device.
l When you delete a VLAN: If the ID of the VLAN is the PVID of a port, the PVID of this
port will be restored to 1 after the VLAN is deleted.
l You can bulk modify VLAN parameters for multiple ports under a device.
l You can create VLANIF on and delete VLANIF from a single device.
l You can manage voice VLANs on a single device and set communication parameters for
voice VLANs on the device. The parameters include the lifecycle, protocol priority
(802.1P/DSCP), source MAC address and mask for voice streams, and port used to
receive voice streams.

eSight
Figure 2-46 Single-device VLAN management
2.15.6 Smart Configuration Tool

With the smart configuration tool, you can configure services for devices in batches by
template and planning table.
Figure 2-47 Smart configuration tool
A template is used to configure the same services for multiple NEs in batches. A planning
table is used to configure similar services for multiple NEs in batches. You can receive task
execution results by email for periodical delivery tasks.
Delivering Configurations Using a Template

You can use the preconfigured template or customize a template to deliver configurations to
multiple devices. The tool provides a wizard to guide you through the delivery.

eSight
Delivering Configurations Using a Template Planning Table

To deliver configurations to Huawei devices using a template planning table, export the table
and enter service configuration parameters in the table. Then import the table to the smart
configuration tool. The tool provides a wizard to guide you through the delivery.
Delivering Configurations Using a Command Planning Table

To deliver configurations to Huawei and non-Huawei devices using a command planning
table, export the table and enter commands in the table. Then import the table to the smart
configuration tool. The tool provides a wizard to guide you through the delivery.

eSight
Configuration Task
You can uniformly manage all delivery tasks on the Configuration Task page. You can view
and delete tasks, and modify, enable, or disable periodic tasks. You can also view historical
task delivery records and modify commands to re-deliver failed tasks.
2.15.7 Configuration File Management

eSight allows you to import, back up, restore, and compare device configuration files and
manage baseline file versions. When faults occur on the network, you can compare the
configuration file in use with the configuration file that was saved when the network was
running properly. By checking the added, modified, and deleted information, you can quickly
locate the fault and resolve it. You can also manage configuration changes. eSight
automatically compares the differences between backup and original configuration files to
obtain configuration changes and notifies you of the changes by emails.
Device Configuration Management

l Backup task
eSight can periodically (daily, weekly, or monthly) back up configuration files of devices
specified in a backup task, at a specified time. eSight can back up configuration files
when receiving a configuration change alarm. Backup tasks can be executed at regular
intervals or immediately after a configuration change alarm is generated. You can receive
backup execution results by emails. The attachment in an email provides a list of devices
whose configuration files fail to be backed up.
l Configuration file
You can back up and restore the running or startup configuration file of a specified
device, specify a configuration file as a baseline version, and change the FTP operation
types of selected devices (except non-Huawei devices). You can also view the running
and startup configuration files that have been backed up on eSight and export
configuration change reports in Excel format.

eSight
You can view configuration files that have been downloaded from eSight to a local
device.
You can compare, download, import, and delete configuration files. The file comparison
function allows you to compare configuration files backed up on the eSight server.
l Configuration change
After a configuration file is backed up, eSight automatically compares the differences
between backup and original configuration files to obtain configuration changes. You
can check the detailed configuration changes, including file addition, deletion, and
modification.

eSight
System Parameter Management

l Backup parameter
You can set the maximum number of configuration files that can be stored on the eSight
server for each device. If the number of a device's configuration files on the eSight
server exceeds the maximum value, eSight automatically deletes the earliest
configuration file. You can determine whether to trigger a backup upon device
configuration changes.
l Email notification
You can create a backup task execution result notification and a configuration file change
notification. You can select a recipient from existing users or user groups (set in System
> System Settings > Set Notified User > User Group) and set the email subject and
notification sending time for the configuration file change notification.
2.15.8 MIB Management

eSight offers the management information base (MIB) tool that can read, compile, store, and
use .mib files. eSight reads and monitors MIB data through SNMP V1, V2c, or V3, which
helps you to perform effective network management.
MIB Compiling
You can compile a MIB file and store the compiled file to a specified directory.
MIB Loading
You can upload, compile, load, unload, and delete MIB nodes, and create directories for MIB
nodes.
MIB Operation
After you enter device IP addresses in IP address text boxes, you can use the MIB tool to
perform Get/GetNext/Walk/TableView operations over SNMP-compliant devices. You can
click Stop to stop data acquisition.
2.15.9 Device Software Management

Device software management is a functional module used to upgrade software versions and
patches of managed devices. You can upgrade software versions of fit APs using on the AC.
You can also upgrade and manage software versions of ASs on the SVF network, switches
(including CE series and Commander switches), ARs (including IoT devices such as the
AR531), ACs, and firewalls in a batch. This module provides the task management and
version management functions. The task management function allows you to create version
and patch upgrade tasks and view the upgrade status of each device. The version management
function manages device software version files and patch files by device type.
Version Task Management

Manages all version upgrade tasks and refreshes the upgrade status in real time,

eSight
Figure 2-48 Version task management
l Manages version and patch upgrade of devices by device category.

l The status of upgrade tasks is refreshed in real time. You can re-execute failed tasks.
l The wizard-based upgrade allows you to create upgrade tasks following a wizard,
Figure 2-49 Creating a version task following the wizard
l You can create upgrade tasks in three steps and check task summary information.
l You can continue to create upgrade tasks or go to the task management page to check
task execution information.
Signature Database Task Management

Manages all signature database upgrade tasks and refreshes the upgrade status in real time,
Figure 2-50 Signature database task management
l Manages signature database upgrade of devices by device category.

l The status of upgrade tasks is refreshed in real time. You can re-execute failed tasks.
l The wizard-based upgrade allows you to create upgrade tasks following a wizard,

eSight
Figure 2-51 Creating a signature database task
– You can create upgrade tasks in two steps and check task summary information.
– You can continue to create upgrade tasks or go to the signature database task
management page to check task execution information.
Signature Database Global Management

eSight uniformly displays devices' signature database versions and status of scheduled
upgrade tasks.
Figure 2-52 Signature database global management
Provides the synchronization function to update devices' signature database versions and
status of scheduled upgrade tasks.
Figure 2-53 Device synchronization
File Management
Manages software versions, patch files, license files, and signature database files.

eSight
Figure 2-54 Version management
Storage Settings
You can set the upper limit of the disk space occupied by all the files managed by the device
software management module.
Figure 2-55 Setting storage parameters
2.15.10 WLAN Management

The WLAN Manager offers an integrated solution that manages wired and wireless networks.
l Network planning: Provides the network planning tool to import location pictures
including the regional background pictures, scale, obstacles, and pre-deployed APs to the
WLAN topology.
l Wizard-based batch service deployment: Delivers wireless service configurations to APs
in batches.
l Unified wireless resource management: Manages ACs, APs, wireless users, and regions.
l User fault diagnosis: Diagnoses user access network faults.
l Wireless network security check: Detects intrusion devices and non-Wi-Fi interference
sources and offers spectrum analysis.
l Visual management over the wireless network topology: Displays locations of APs by
area and coverage areas of the APs. After WLAN location is enabled, wireless terminals,
rogue devices, and interference sources are displayed in the topology.
Configuration Wizard
The WLAN Manager supports wizard-based service configuration. Based on AP planning
sheets, the WLAN Manager delivers and deploys AP services end to end, which improves the
deployment efficiency (approximately 90% compared to manual deployment). (Note: This
function applies to WLAN V2R6 and earlier versions only. The menu entry for this function
is hidden by default in eSight V3R3C10.)

eSight
Configuration Management
An AC controls and manages APs on WLAN. With AC management, you can connect an AP
to WLAN in any of the following modes: confirm AP identities, add an AP in offline mode,
and add an AP to the whitelist. (Note: This function applies to WLAN V2R6 and earlier
versions only.)
l Unauthorized AP
The Unauthorized AP page displays APs whose MAC addresses or SNs are not in the
whitelist. On this page, you can acknowledge unauthorized APs in batches to add them
to the whitelist. Then, APs in the whitelist are brought online.
l AP whitelist
Network administrators can add MAC addresses of APs or AP SNs to an AP whitelist to
allow the APs to go online normally.
l AP blacklist
Network administrators can add MAC addresses of APs to an AP blacklist, preventing
unauthorized APs from going online.
l User blacklist
Network administrators can add MAC addresses of wireless users to a user blacklist,
preventing unauthorized users from connecting to APs. Network administrators can also
blacklist unauthorized users and set the AP countermeasure mode to user blacklist. The
system performs countermeasure against devices from the user blacklist.
l SSID whitelist
Network administrators can configure SSID whitelists to detect unauthorized devices in
a more accurate and efficient manner. SSIDs that exist in surrounding environments but
have no impact on the wireless network quality are added to the whitelist and will not be
recognized as unauthorized devices.
The profile management function allows you to configure NE predefined profiles.

eSight
l AP profile
You can specify the maximum transmission unit of the AP Ethernet port and configure
log backup.
l Radio profile
The radio profile is used to specify parameters such as the radio type, rate, power, and
whether to occupy a channel during wireless transmission.
l ESS profile
The ESS profile is a set of service parameters, such as the SSID name, service VLAN,
ESS interface for data transmission, maximum number of access users, and WLAN user
access security management. After an ESS profile is bound to a specified radio on an AP,
the service parameters are applied to a virtual access point (VAP), a wireless service
functional entity.
Configuration and Deployment

Compared with earlier versions, the configuration mode in WLAN V2R6 changes a lot. In
V2R6, configuration is completed based on AP group profiles. eSight provides the WLAN
configuration and deployment function to adapt to this change. This function provides profile-
based configuration for WLAN devices of V2R6 and later versions.
l You can configure VLANIF interfaces and IP address pools for ACs and X7 series
switches.
l You can configure global parameters for ACs.
l You can configure channels for interface groups.

eSight
l You can deliver the same AP group template to multiple ACs.
l This function allows users to configure multiple ACs simultaneously and supports AP
group management and profile management in the Object Manager of each WLAN
device of V2R6 or a later version. You can create, delete, modify AP groups, and
manage group members and profiles on ACs, as shown in the following figure.

eSight
Network Resource Monitoring
The Region Object Manager provides the following information: physical resources over the
entire network or in each region, resource statistics, performance statistics, user statistics,
spectrum analysis, and Wireless Intrusion Detection System (WIDS).
l Physical resources
AC: AC status, name, type, IP address, AP authentication mode, forwarding type,
country code, subnets, total number of APs, number of online APs, and number of online
users
AP: AP status, name, alias, type, category, SN, MAC address, IP address,
countermeasure, radio's working mode, AC name, home region, location, WLAN
location, subnets, and number of online users
User: current access users and historical access users
SSID: SSID, AC name, ESS profile name, and Fat AP name
Region: region name, total number of APs, total number of online APs, and total number
of online clients
NOTE
When WLAN location is enabled, the number of WLAN location-enabled APs and their locations
in the region are displayed.
l Resource statistics
Network overview: includes online WLAN user statistics, Top N SSID user statistics,
and wireless resource statistics. For details.
l Performance statistics
Terminals associated with APs, AP physical resources, AP traffic, radio traffic, user
traffic, and real-time WIDS attacks
l Current access user
Number of current access users.
l User access history
Historical data about user access.
l Spectrum analysis
After the AP radio spectrum function is enabled on devices, users can view the signal
interference information around APs on eSight. Users can determine the channel quality
and surrounding interference sources on spectrum charts. Spectrum charts include real-
time FFT, depth, channel quality, channel quality trend, and device percentage charts.

eSight
l Security
eSight monitors and recognizes unauthorized devices, clients, interference sources, and
attacks based on user-defined rules, sends remote alarm notifications, and offers
protection measures.
1. Supports the statistics collection, display, and countermeasure of unauthorized
devices.
2. Supports the display, countermeasure, and suppression access protection of
unauthorized clients.
3. Supports the statistics collection and display of unauthorized Wi-Fi interference
sources.
4. Supports the statistics collection, display, and countermeasure of attacks.
5. Classifies unauthorized APs into rogue, suspected-rogue, adjacent, suspected-adjacent,
and interference APs. Supported rules include adjacent or same frequency interference,
signal strength, SSID (fuzzy or regular expression), number of detected APs, and attack.
l Object Manager
Uniformly displays WLAN service data and performance data by AC, AP, radio, and
terminal on the Object Manager.

eSight
Region Monitor
Region monitor is user-centric and integrates region-based user experience data.
l Divides a region into multiple sub-regions and manage them by groups.

l Displays user experience information and key counters by region.
l Displays key counter Portals by region.

eSight
l Locates faults based on key counters in each region.

eSight
l For a non-bottom-layer region, you can set a GIS map as the subnet background. In
addition, you can zoom in or out the map, move the map, and set locations on the map.
l The bottom-layer region integrates the Location Topology function in earlier versions.
You can deploy APs in regions, view the hotspot coverage, and detect signal coverage
blind spots and conflicts promptly. If the license of WLAN location is applied and
WLAN location is enabled in a region, the locations of wireless users, unauthorized
devices, and non-Wi-Fi interference sources are refreshed in the topology at regular
intervals.
1. Displays the hotspot location and radio signal coverage in the location topology and marks
conflict regions.
2. Pre-deploys APs and displays the simulated radio coverage. After APs get online, eSight
switches between the APs and displays the actual radio coverage.

eSight
3. Map settings: Hides and displays nodes in regions by filter criteria. The filter criteria
include users, rogue APs, rogue Ad Hocs, rogue bridges, unauthorized clients, and
interference sources. If AP location licenses are available and WLAN location is enabled in a
region, the latest locations of unauthorized devices and interference sources are refreshed in
the topology.
4. Terminal display/Hot line/Hot map switching: Click Map setting, then the Terminal
Location tab, and select Show terminal. A dialog box is displayed, showing terminals to be
displayed. Select required terminals and click OK. Terminal information including the latest
terminal coordinates is displayed in the topology view.

eSight
Switching to hot line display: After you click Show hot line and select the date, hot lines are
displayed in the topology.

eSight
Switching to the hot map: After you select Show heat map, located terminals are displayed in
the hot map, showing the user density.
5. Coverage region division: O&M personnel can further divide a region in the topology into
multiple sub-regions to support fine-grained statistics collection, such as location-based user
traffic statistics. Currently, the coverage region division function applies to terminal location
only.
6. Displays the mesh network topology of devices and basic information about mesh links in
Region Monitor and monitors mesh link quality.

eSight
7. Displays the movements of end users in the Region Monitor. Right-click an end user and
select a preset time range or user-defined event range. The Region Monitor displays the user
movements within the selected time range.
Fault Diagnosis
1. WLAN user fault diagnosis: Diagnoses network quality for online users in terms of users,
SSIDs, APs, and ACs. If detecting any exception, the system displays potential problems and
gives suggestions for you to rectify the exception. (Note: This function applies to WLAN

eSight
V2R6 and earlier versions only.)
2. With the basic fault diagnosis function as well as Syslogs and performance data, the
WLAN Manager provides diagnosis tools to help network administrators troubleshoot
problems such as network access failures, frequent offline, and weak signal during WLAN
O&M. (Note: This function applies to WLAN V2R6 and later versions only.)
l Viewing historical diagnosis information

eSight can store information about the diagnosis objects, time, operator, and result,
allowing users to view historical diagnosis information.
l Viewing connection relationships

eSight
eSight allows users who initiate diagnosis to view the connections among diagnosis
objects (including the connections between terminals and servers) as well as detailed
object information.
l Viewing diagnosis result
eSight classifies diagnosis results into the following types: terminal check, air interface
check, AP check, mesh check, AC check, and connectivity check. The AAA server
checks eight types of information and provides fault causes and rectification suggestions.
O&M personnel can rectify faults based on their own experience and the rectification
suggestions.
l Viewing associated information
eSight allows users to view associated information about terminals, air interfaces, AP,
ACs, DHCP, and AAA.
l AAA Test
To supplement fault diagnosis, AAA Test detects problems occurred during user
authentication.
l AC Ping
To supplement fault diagnosis, AC Ping detects connectivity between an AC and a
destination device (usually a server) by pinging the device from the AC.
l Trace
To supplement fault diagnosis, Trace collects and exports logs about APs and clients to
help determine the fault causes.
l Log Viewer
To supplement fault diagnosis, Log Viewer collects log statistics on diagnosis objects to
help analyze the stages during which faults are likely to occur and allows users to view
and export log details.
3. Offers related fault alarms about communications, environments, unauthorized devices, and
unauthorized Wi-Fi interference sources to help users locate and rectify faults.
4. Monitors WLAN network devices and resources to help users better understand the running
status of the network and devices.
Integrated Wired and Wireless Management

After LLDP link discovery is enabled, you can view the links between wired PoE switches
and wireless APs in the Region Monitor topology, enabling integrated wired and wireless
management.

eSight
Report Management
eSight provides predefined reports for AP uplink interface traffic, channel usage, online radio
users, online wireless users, Top N user access failures, and Top N user login counts, and
provides fast reports and predefined reports for AP association statistics, AP traffic statistics,
AP rate statistics, region-based user counts, and region-based average terminal dwell
durations.
Energy Saving Management

eSight allows you to customize energy saving policies in terms of the AP, radio, and SSID.
You can immediately or periodically start energy saving tasks, or disable wireless signal
transmission. (Note: This function applies to WLAN devices of V2R6 and earlier versions
only. For later versions than V2R6, users can enable energy saving in the VAP profile and
configure energy saving on APs or AP group.)

eSight
2.15.11 SLA Management

Service Level Agreement (SLA) Manager measures and diagnoses network performance. You
can create SLA tasks to periodically monitor the network delay, jitter, and packet loss ratio,
and calculate the compliance of SLA services on the live network.
By default, SLA Manager offers 24 services. You can also customize services to meet your
specific demands. SLA Manager offers the Dashboard to globally monitor SLA tasks and
allows you to quickly learn the quality of all or specific services on the live network. On the
SLA view page, you can establish a view that consists of multiple tasks, which helps you
compare task data. Quick diagnosis helps you quickly diagnose the links and carried services
between source and destination devices, facilitating network fault location.
Figure 2-56 SLA management overview
Dashboard
The SLA dashboard globally monitors SLA tasks and displays the recent smart policy tasks,
SLA test instance counters, and minimum SLA compliance. You can add tasks to and delete

eSight
tasks from the dashboard and set the criteria to filter SLA tasks to be displayed on the
dashboard.
Figure 2-57 SLA dashboard
SLA Service Management

With SLA service management, you can define SLA levels. This module provides 24
predefined templates for common services such as voice over IP (VoIP), video, and data
services. You can customize the compliance threshold and network quality counter threshold
based on network conditions and operation and maintenance requirements.
Figure 2-58 SLA service management

eSight
Figure 2-59 Creating an SLA service
SLA Task Management

SLA tasks periodically monitor various counters, such as the delay, jitter, and packet loss ratio
on a network. You can create, delete, start, and stop SLA tasks and copy an existing task to
create a task on the SLA task management page. Shortcut operation entries are available for
you to view historical data, alarms, and perform the quick diagnosis operation. The SLA task
execution interval can be adjusted automatically. When network quality degrades, the
execution interval is shortened, so you can obtain more detailed quality degradation
information.
Figure 2-60 SLA task management
SLA View Management

You can add multiple SLA tasks to an SLA view to view the historical data of these tasks.

eSight
Figure 2-61 SLA view
Quick Diagnosis
You can use this function to measure the SLA service quality without creating any task.
Figure 2-62 Quick diagnosis
Historical Data
Historical service quality data such as the overall compliance and the data of a single counter
is displayed in graphs. You can click an SLA task name on the SLA task page to switch to the
historical data page of this task.
Historical data of multiple SLA tasks can be displayed on the same page.
You can switch from historical SLA data to historical NTA data and historical QoS interface
data.

eSight
Figure 2-63 Viewing historical data
Figure 2-64 Viewing the historical data of multiple tasks
SLA Reports
This module provides SLA service quality reports, SLA task counter reports, and Top N SLA
compliance reports.

eSight
Service Diagnosis
With service diagnosis, eSight measures network quality and displays collected data (such as
the delay, jitter, packet loss ratio, and DSCP value) by segment, helping you evaluate service
quality. eSight locates the network location where a quality problem occurs based on
statistical data, helping you rectify faults and ensuring service continuity.
Figure 2-65 Quick Start
l Template Management
eSight offers four default network service quality assessment templates with
performance counters such as the delay, jitter, and packet loss ratio. You can also
customize counters in the templates based on your site requirements.
1. Video diagnosis template, used to assess the network quality of video services
2. Voice diagnosis template, used to assess the network quality of voice services
3. Telepresence diagnosis template, used to assess the network quality of Telepresence
systems
4. Desktop cloud diagnosis template, used to assess the network quality of desktop cloud
systems
Figure 2-66 Template management

eSight
Figure 2-67 Creating a template
l Service Diagnosis
eSight diagnoses the network service quality and allows you to efficiently locate network
faults and assess network quality. Before performing service diagnosis, select the
corresponding template.
To perform Telepresence diagnosis, select a Telepresence diagnosis template.
Figure 2-68 Telepresence diagnosis parameters
To perform desktop cloud diagnosis, select a desktop cloud template.
Figure 2-69 Desktop cloud diagnosis parameters
Diagnosis results are displayed by segment. Each record in the table indicates network
condition between source and destination devices.

eSight
Figure 2-70 Diagnosis result
2.15.12 iPCA Management

Enterprise IP networks carry complicated and diversified services, and network applications
closely relate to routine operation of enterprises. Packet Conservation Algorithm for Internet
(iPCA) provides device-level, network-level, and service flow packet loss measurement on
enterprise campus networks. It marks on real IP service packets transmitted on networks;
therefore, network administrators can easily monitor network quality and quickly locate faults
without increasing load on the networks.
Device-level Measurement
iPCA-capable devices are deployed on the enterprise campus network. iPCA can be
performed on these devices and Layer 2 direct links between the devices. eSight provides a
network topology to show whether unicast IP packets are lost in this area in real time. If
packet loss occurs, eSight can show the device where packets are lost, the packet loss ratio,
and the number of lost packets. eSight provides the following iPCA functions:
1. Displays the latest packet loss measurement result of the devices and links in the
topology view.
2. Reports an alarm when the device or link packet loss measurement result exceeds the
preset threshold.

eSight
Network-level Measurement
The branch networks of an enterprise are connected through a carrier's network. The egress
device of each branch functions as a CE to connect to the carrier's network. The enterprise
needs to evaluate service quality on the carrier's network. When service quality degrades, the
enterprise network administrator needs to check whether the problem is caused by the carrier's
network. iPCA network-level monitoring is deployed on the egress devices of the campus
network to monitor service quality of the carrier's network.

eSight
Packet Loss Measurement for the Unicast IP Service

If the quality of key services in an enterprise degrades, the network administrator needs to
determine whether the problem occurs in application servers, terminals, or network devices. If
packet loss occurs, the administrator must quickly check where the packets are lost, on a node
or a link. The Telepresence service is used as an example here to describe how to measure and
locate packet loss on a network.
1. Configure network-level measurement on the interfaces of two switches that are
connected through Telepresence servers and terminals to check whether packet loss
occurs. If no packet is lost, the problem occurs on Telepresence terminals.
2. The administrator needs to check the terminals. If packet loss occurs between the
Telepresence server and terminal, check which node or link has lost the packets.
3. Check the packet loss measurement results of devices on the service forwarding path to
quickly locate the faulty node.

eSight
2.15.13 QoS Management

eSight provides QoS Manager to monitor traffic. When traffic policies are configured for
interfaces, the tool measures network performance counters such as rate of packets matching a
traffic classifier, packet drop rate, rate of packets exceeding the CIR, and bandwidth usage for
the interfaces.
Dashboard
The QoS dashboard displays the Top N tasks with the highest QoS performance counters,
which helps you find regions with excessively high traffic.
Figure 2-71 QoS Dashboard
QoS Configuration
You can view QoS configuration of the devices.

eSight
Figure 2-72 QoS configuration
Historical Data
Historical QoS traffic data shows the change of QoS traffic, helping O&M personnel obtain
historical data information.
Figure 2-73 Historical QoS data
2.15.14 Network Traffic Analysis

eSight Network Traffic Analyzer (NTA) can quickly and efficiently analyze network traffic
and generate traffic reports. It enables users to detect abnormal traffic in a timely manner
based on the real-time application traffic distribution on the entire network and plan networks
based on the long-term network traffic distribution. Therefore, NTA can implement
transparent network management.
Enabling NetStream on a Device

eSight delivers NetStream commands to devices through the smart configuration tool. You do
not need to configure NetStream on each device, implementing quick deployment of
NetStream.

eSight
Figure 2-74 Enabling NetStream on an interface
eSight NTA allows you to configure devices, interfaces, protocols, applications, alarms, host
name resolution, DSCPs, IP groups, application groups, interface groups, and DSCP groups.
Figure 2-75 Configuration navigation
l Configuration navigation
When you are using eSight for the first time, follow the configuration navigation on the
GUI to complete traffic monitoring settings step by step.
l Collector configuration
You can view the IP address and status of the current collector and set the Top N count
for interface session collection (Top30 by default). After the traffic forensics function is
enabled, the original flow files of the collector are uploaded to the analyzer.
l Device configuration
eSight displays all devices that report traffic. You can monitor specific devices.
l Interface configuration
eSight displays the device interfaces which send NetStream packets to the analyzer. You
can set the incoming traffic rate, outgoing traffic rate, and sampling ratio on interfaces to

eSight
ensure that eSight NTA can correctly collect traffic data. The sampling ratios on eSight
must be the same as those on devices. Telnet login user name and password are
configured for Huawei devices, and eSight can synchronize sampling ratios from device
interfaces.
l AP configuration
eSight displays the device interfaces which send NetStream packets to the analyzer. You
can set the sampling ratio to ensure that eSight NTA can correctly collect traffic data.
The sampling ratios on eSight must be the same as those on devices.
l Protocol configuration
You can monitor specific protocols as needed.
l Network application
eSight lists 543 frequently-used network applications and classifies them into pre-
defined applications and user-defined applications. You can define important
applications.
– Pre-defined application: preset applications and applications identified and reported
by devices
– User-defined application: network application that is added by users and can be
defined based on the protocol (UDP/TCP), port range, and IP address range
l DSCP configuration
eSight lists 64 frequently-used DSCPs and allows you to rename DSCP names.
l IP group configuration
Groups IP addresses that have certain common attributes, which helps users to view
traffic information about IP address groups.
l Application group configuration
You can classify applications into an application group as required to view traffic
information about a specified application group, such as the email group.
l DSCP group configuration
You can classify associated service types into a DSCP group to view traffic information
about a specified DSCP group, such as the voice group.
l Interface group configuration
You can add related interfaces to an interface group to view traffic information about a
specified interface group.
l Alarm configuration
You can specify the thresholds for triggering alarms for certain applications, hosts, and
DSCP rates and the conditions for clearing the alarms.
l Host name resolution configuration
You can specify whether to enable DNS and NetBIOS resolution to resolve IP addresses
into DNS domain names or NetBIOS host names. After DNS and NetBIOS resolution is
enabled, eSight can display traffic by host name.
l Carrier configuration
In a cloud DC, users can configure the EIP range and bandwidth for carriers.
Traffic Dashboard
NTA provides the traffic dashboards function and displays the real-time entire-network traffic.

eSight
Figure 2-76 Traffic analysis by Dashboard
l The dashboard offers rankings about the interface traffic, interface utilization, device
traffic, application traffic, host traffic, DSCP traffic, and session traffic.
l You can customize the display format and content. The following operations are
available: links, maximize, and minimize.
Traffic Analysis
eSight NTA can analyze traffic on enterprise WAN egress links and wireless campus network
from multiple dimensions.
1. Traffic analysis on enterprise WAN egress links
eSight NTA offers drill-down network traffic analysis capabilities. You can view more details
about traffic step by step. eSight NTA can analyze detailed traffic information on egress
devices, link interfaces, applications, DSCPs, hosts, sessions, interface groups, IP groups, and
application groups.
You can obtain traffic distribution on WAN links and view traffic information on link
interfaces.
Figure 2-77 Interface traffic analysis
eSight can work with Huawei devices to analyze bandwidth usage of dynamic applications,
such as BT, eMule, and other P2P applications.

eSight
The drilling-down function enables you to set filter criteria to view session details.
Figure 2-78 Session details
2. Traffic analysis on a wireless campus network
eSight works with Huawei WLAN devices AC6005, AC6605, or ACU2 to display the
application traffic distribution on a wireless enterprise campus network. You can select a
region or SSID to view application traffic in the region. You can also click an AC or AP to
view application traffic of an AC or AP.
Figure 2-79 Traffic on a wireless campus network
3. Traffic analysis on cloud DC EIP
In a cloud DC, eSight works with IAM, VPC, and RMS systems to provide traffic analysis by
EIP, rate limit group, customer, and carrier, keeping users abreast of DC traffic distribution.
eSight collects statistical data about EIPs, customers, and rate limit groups with top traffic
occupations, helping users rapidly detect public IP addresses that cause network congestions.
The preceding figure shows the traffic trends. Users can check DC traffic components by
application and session.

eSight
Network Traffic Report

NTA provides a configuration wizard following which you can customize traffic reports. NTA
can export reports and send reports to users through emails. The following figures show how
to create and view traffic reports.
Figure 2-80 Creating a network traffic report

eSight
Figure 2-81 Viewing a network traffic report
l Supports multiple modes of displaying the traffic data: pie, table, line chart, and region
chart.
l Supports multiple summary types: application summary, session summary, DSCP
summary, host summary, and interface summary.
l Supports multiple filtering conditions: by source address, by destination address, by
application, and by DSCP.
l The report system can generate instant reports and periodical reports.
– Instant report
Users need to manually run an immediate report task. Once an immediate task is
executed, a report reflecting the statistics at that time is generated. After the task is
performed successfully, the status is displayed on the page. The report contains
detailed traffic statistics and figures.
– Periodical report
After eSight performs a task at an interval specified by the user, traffic statistics of a
specified period is displayed.
l You can export a single report or batch reports.
l eSight can send reports by emails.
Traffic Forensics
When detecting abnormal traffic on the network, the system allows you to obtain original
traffic data which helps you locate the network fault.

eSight
The system displays traffic forensics results by seven key fields. For example, you can check
whether viruses exist by comparing protocols, ports, and packet rates, and check whether
protocol attack threats exist by TCP flags.
Figure 2-82 Traffic forensics page
l Obtains original packets by time range.

l Supports diverse filter criteria: source IP address, destination IP address, source
interface, destination interface, source port, destination port, protocol, application, DSCP,
and TCP flag.
l Sets the storage duration for query results. The maximum value is 30 days.
l Exports all or specified query results.
Traffic Alarm
You can create threshold alarms for eight traffic types, such as application, server, and
session. When the traffic has reached the threshold for specified times within a specified time
segment, an alarm is automatically generated. When the traffic meets alarm clearance
conditions within a specified time segment, the alarm is automatically cleared. eSight can
notify users of alarm generation or clearance by emails.
You can create, copy to create, delete, enable, and disable threshold alarms on the traffic
threshold alarm configuration page. You can choose the objects to be monitored, and set the
alarm severity, threshold, and repetition times based on the historical traffic data.

eSight
Figure 2-83 Threshold alarm configuration page
You can check traffic alarms on the current alarm page, and switch to the traffic analysis page
to view traffic details within the time segment.
Figure 2-84 Checking traffic alarms
Host Name Resolution

NTA can resolve IP addresses of traffic into DNS domain names or NetBIOS host names. You
can specify whether to enable DNS or NetBIOS resolution and set the update interval of DNS
domain names and NetBIOS host names.
After DNS or NetBIOS resolution is enabled, eSight displays traffic by host name and IP
address when host name resolution fails.

eSight
Figure 2-85 Host name resolution configuration page
After host name resolution is configured, eSight displays traffic by host name, as shown in the
following figure.
Figure 2-86 Displaying traffic by host name
2.15.15 IPSec VPN Management

The IPSec VPN management component enables you to monitor and diagnose IPSec VPN
services, covering the service activation status and alarm status, service topology,
performance, and historical tunnel information.
Overview
The IPSec VPN overview provides you visibility into overall IPSec VPN services, including
the number of IPSec tunnels, received and sent packet rates, traffic rates, and packet loss
ratios of an IPSec tunnel or all IPSec tunnels, number of remote access users in an IPSec
tunnel, and service alarm list. Figure 2-87 shows the overview information.

eSight
Figure 2-87 IPSec VPN overview
Discovering Services
Huawei eSight automatically discovers IPSec VPN services of some or all devices on the
Hub-Spoke and Site-to-Site networks. Figure 2-88 shows service discovery on eSight.
Figure 2-88 IPSec VPN service discovery
Managing Service Groups

Huawei eSight manages services by service group and enables you to search, delete, and
move service groups. The service group list provides you visibility into the service quantity
and alarm status of each service group and provides links to alarm lists.
Huawei eSight helps you quickly diagnose services and modify service configurations (such
as the pre-shared key) by service group,
Figure 2-89 shows the service group management list.

eSight
Figure 2-89 IPSec VPN service group list
Figure 2-90 shows pre-shared key modification.
Figure 2-90 Pre-shared key modification
Managing a Service List

You can click a link in the service group list to access a service list.
On the service list, you can: Rename the services and service group. Search for, delete, and
move services and perform quick diagnosis. Display global parameters. Monitor performance
in real time. View tunnel information. View topology and alarm details by clicking topology
and alarm links.
Figure 2-91 shows a service list.
Figure 2-91 IPSec VPN service list
l Searching for services

Huawei eSight supports service name fuzzy match and enables you to search for services
by network type, service status, alarm status, local device, remote device, local interface,
or remote interface.
l Deleting services
Delete the selected services from Huawei eSight does not affect services. After the
deletion, you can discover the services to Huawei eSight again.
l Moving services

eSight
You can move the selected services to another service group. Figure 2-92 shows
movement of a service from one group to another.
Figure 2-92 IPSec VPN service moving
l Diagnosing services quickly

If a fault occurs, you can diagnose services quickly to locate the fault.
l Modifying service names
Huawei eSight automatically generates service names during service discovery. You can
modify the service names. After the service name is modified, Huawei eSight updates
service link names in the topology. Figure 2-93 shows service name modification.
Figure 2-93 IPSec VPN service name modification
l Viewing global parameters

You can view the global IPSec VPN parameters of devices at both tunnel ends, including
the device name, type, IP address, IKE negotiation name, interval for sending keepalive
packets, keepalive timeout period, and interval for updating NAT keepalive packets.
Figure 2-94 shows the page for setting global IPSec VPN parameters.

eSight
Figure 2-94 Global IPSec VPN parameters
l Monitoring performance in real time

Huawei eSight monitors service performance in real time, including the number of
remote access users in an IPSec tunnel and the received and sent packet rates, traffic
rates, and packet loss ratios of an IPSec tunnel.
l Viewing tunnel information
If a service is not activated, its tunnel icon is unavailable. If a service is activated, you
can view detailed tunnel information, including the connection ID, duration, local
device, remote device, local interface, remote interface, local IP address, remote IP
address, packet encapsulation mode, key negotiation type, and SA list. Figure 2-95
shows the page for viewing detailed tunnel information of IPSec VPN services.
Figure 2-95 Detailed tunnel information of IPSec VPN services
l Viewing topology
In a service list, you can click the topology link of a service to view the IPSec VPN
topology.
l Viewing alarms
If the alarm status of a service is abnormal, you can click the alarm link to view the
alarm information about devices at both tunnel ends.
Service Topology
The service topology provides you visibility into IPSec VPN services. The display of an
IPSec VPN service topology supports the following scenarios:

eSight
l Hub-Spoke or Site-to-Site networking

l Interworking services
l Hot standby and active/standby switchover
The service topology displays global device parameters and provides links to different
information, such as service discovery, alarm lists, service lists, service diagnosis, real-time
performance, and device management.
The service topology provides complete tooltip information. Each device node, service link,
subnet, or backup link has its tooltip information, including the basic information and latest
performance data.
The service topology supports device management by subnet. Subnet management includes
importing physical subnets, creating, modifying, or deleting subnets, moving devices to other
subnets, and adding devices to subnets.
Figure 2-96 shows service topology.
Figure 2-96 IPSec VPN service topology
Monitoring Alarms
The alarm status in a service or service group list shows the generation and rectification of a
service fault. The service link in the topology displays the alarms of different severities in
different colors. After identifying a service fault, you can access the alarm list to view detailed
alarm information and locate the fault.
Monitoring Performance
The global and IPSec VPN performance monitoring functions provide you visibility into
traffic of network devices and services, including the packet rate, traffic rate, packet loss ratio,
number of tunnels, and number of remote access users. Figure 2-97 shows real-time
performance monitoring.

eSight
Figure 2-97 IPSec VPN service performance monitoring
Diagnosing Services Quickly

You can detect faults and diagnose services quickly without creating any task.
Service diagnosis covers the interface status at both tunnel ends, whether IPSec policies are
applied to an interface, integrity of IPSec policy configuration, IKE negotiation result, and
IPSec negotiation result.
Diagnosis results can be exported into an Excel file.
Figure 2-98 shows service diagnosis.
Figure 2-98 Quick diagnosis of IPSec VPN services
Viewing Historical Tunnels

The historical tunnel list shows the setup and teardown of tunnels on the entire network
within a time range. You can understand the tunnel setup and teardown patterns and locate
service faults.
Figure 2-99 and Figure 2-100 show the historical tunnel lists.
Figure 2-99 Historical IPSec VPN tunnel list

eSight
Figure 2-100 Detailed information about a historical IPSec VPN tunnel
2.15.16 BGP/MPLS VPN Management

The BGP/MPLS VPN Manager offers end-to-end solutions for VPAN service deployment,
monitoring, and fault diagnosis.
l Wizard-based batch service deployment: Deploys VRF, interface, and routing data for
PEs and CEs in batches.
l Convenient and quick automatic discovery: Automatically discovers deployed VPN
services without specifying device roles.
l Visualized service topology: Visually displays the logical architecture of PE-PE and PE-
CE services, and shows service alarms in real time.
l Multi-dimensional service monitoring: Monitors the running status of monitoring
services in terms of the alarm, performance, and service link SLA.
l One-click fault diagnosis: Diagnoses VPN service faults by segment and layer, and using
diverse approaches.
Service Deployment
eSight offers graphical, wizard-based, and end-to-end service deployment capabilities and
helps you easily and quickly deploy new VPN services, add VPN access points, and adjust
existing VPN services, improving service maintenance efficiency. eSight allows you to deploy
services in the Full-mesh, Hub-Spoke, MCE, and customized networking types, and deploy
OSPF, ISIS, static, and EBGP routing protocols between PEs and CEs. Figure 2-101 and
Figure 2-102 show the pages for MPLS VPN service deployment and performing detailed
configurations.

eSight
Figure 2-101 MPLS VPN service deployment
Figure 2-102 Performing detailed configurations
Automatic Discovery
eSight discovers MPLS VPN services automatically in the following network schemes: Full-
Mesh, Hub-Spoke, Multi-VPN-Instance CE (MCE), HoVPN, inter-AS Option A, and inter-
AS Option B. You do not need to specify the PE and CE devices for automatic discovery.
eSight can automatically identify device roles based on the service configuration and discover
service logic between PEs and between a PE and a CE. Figure 2-103 shows the page for
discovering MPLS VPNs automatically.

eSight
Figure 2-103 MPLS VPN automatic discovery
MPLS VPN Monitoring

l eSight monitors MPLS VPN services and displays MPLS VPN service configurations,
including configuration of links between PEs, configuration of links between PEs and
CEs, VRF instance configurations, and routing configurations.
l eSight provides the following statistics tasks to monitor MPLS VPN performance:
Access Interface Performance VRF Flow Performance
l VRF Route Performance In addition, eSight monitors MPLS VPN service quality.
MPLS VPN Service Topology

eSight monitors service topologies, displays the VPN logical architecture, and manages user-
defined regions. Figure 2-104 shows the MPLS VPN service topology.
Figure 2-104 MPLS VPN service topology

eSight
Quick Diagnosis
eSight offers one-click fault diagnosis to diagnose faults by segment (PE-PE, PE-CE, CE-CE,
and PE-remote CE) and layer (L3 routing and MPLS forwarding layer) using multiple
approaches (ping, trace, and routing collection). Figure 2-105 shows the MPLS VPN quick
diagnosis page.
Figure 2-105 MPLS VPN quick diagnosis
Service Report
eSight offers statistical reports on interface traffic, VRF traffic, and VRF routing. Interface
traffic reports allow you to learn about the historical interface data about each VPN service.
VRF traffic reports allow you to learn about the distribution of VPN traffic on each PE.VRF
routing reports allow you to learn about the routing change information about CE access of a
VPN service. In terms of traffic and routing, the preceding three reports offer data reference
for you to perform some operations, such as capacity expansion. Figure 2-106 shows the
MPLS VPN service report page.
Figure 2-106 MPLS VPN service report
2.15.17 BGP/MPLS Tunnel Management

MPLS Tunnel Manager monitors MPLS TE and LDP tunnels, including the tunnel running
status, backup status, tunnel topology, alarms, and tunnel-related VPN services.

eSight
Automatic Discovery
eSight automatically discovers MPLS tunnels on the network, including MPLS TE and LDP
tunnels, as shown in Figure 2-107.
Figure 2-107 MPLS tunnel automatic discovery
Tunnel Monitoring
eSight supports active-standby and bypass protection for MPLS TE dynamic tunnels and
monitors Static-CR signaling-based static tunnels. The following tunnel information is
monitored: tunnel backup status, running status, and tunnel alarms.
eSight supports interaction between MPLS tunnels and L3VPN services and allows you to
check VPN services carried on MPLS TE tunnels.
Tunnel Topology
eSight monitors MPLS tunnel status, link status, and node status through tunnel topology and
allows you to view MPLS information of devices, as shown in Figure 2-108.

eSight
Figure 2-108 Tunnel topology
l MPLS capabilities of MPLS TE tunnels and interfaces, DS-TE information, and link
bandwidth.
l MPLS capabilities of MPLS LDP virtual tunnels and interfaces.
Explicit Path List

eSight provides an explicit path list. You can view the detailed information about each explicit
path
Quick Diagnosis
eSight provides the MPLS tunnel diagnosis function. eSight can diagnose route-based
forwarding, label forwarding, and tunnel configuration at tunnel nodes. If a fault occurs,
eSight can diagnose and locate tunnel faults and provide detailed diagnosis results, as shown
in Figure 2-109.

eSight
Figure 2-109 MPLS tunnel diagnosis
2.15.18 Secure Center Management

Secure Center Management
Secure Center effectively manages security policies on a large number of Huawei firewalls.
Major functions are as follows:
1. Basic configuration
– You need to complete some operations and configure public resources before eSight
can manage policies. You may use the public resources when you configure security
policies. The basic configuration includes authorization management, device group
management, virtual device management, public objects, and security profiles.
– The public objects and security profiles can be used in NGFW policy management.
Firewall policy management has its own public objects.
– Device groups can be used in management of firewalls, and NGFWs.
2. Device global configuration
– Device global configuration is used to filter files and junk emails. It is mainly
configured for NGFW firewalls.
3. Security policy analysis
– Supports redundancy, risk, hit, and comprehensive analysis on security policies for
firewalls.
– Supports redundancy, risk, hit, and comprehensive analysis on security policies for
NGFWs.
4. Firewall security policy management
– Supports batch configuration and deployment of firewall security policies.
– Supports centralized configuration of public objects, such as address sets, time
ranges, services.
– Supports virtual firewall management and virtual firewall-based security policy
configuration.
5. NGFW policy management

eSight
– Supports batch configuration and deployment of NGFW security policies, SSL

decryption policies, authentication policies, attack defense, and application specific
packet filter (ASPF).
– Supports centralized configuration of public objects, such as address sets, time
ranges, services.
– Supports virtual firewall management and virtual firewall-based security policy
configuration.
6. NIP policy management
– Supports batch configuration and deployment of NIP security policies.
– Supports security protection.
Basic configuration
l Supports policy authorization and management for security devices. You can view the
devices that the Secure Center is authorized to manage through licenses.
Figure 2-110 Security policy authorization management
l You can create, delete, modify, and query device groups.
Figure 2-111 Creating a device group

eSight
l You can create, delete, and query virtual firewalls.
Figure 2-112 Creating a virtual firewall
l Public object configuration

Public objects are resources that you can use in policy creation. A predefined public object
can be used by multiple policies. You can create, delete, and modify public objects, such as
address sets, time ranges, and services.

eSight
Figure 2-113 Creating an address set

eSight
Figure 2-114 Creating an area

eSight
Figure 2-115 Creating a time segment

eSight
Figure 2-116 Creating a user-defined service
Figure 2-117 Creating a service set

eSight
Figure 2-118 Creating an online user
Figure 2-119 Creating an online user group

eSight
Figure 2-120 Creating a user-defined application

eSight
Figure 2-121 Creating an application group

eSight
Figure 2-122 Creating a user-defined signature

eSight
Figure 2-123 Creating a URL category

eSight
Figure 2-124 Creating a keyword group
Figure 2-125 Creating an email address group

eSight
Figure 2-126 Creating a security group
l Security profile configuration

You can use security profiles in security policy creation to check the traffic content. eSight
checks the traffic content based on criteria defined in security profiles and executes actions
based on the check result.

eSight
Figure 2-127 Creating an antivirus profile

eSight
Figure 2-128 Creating an IPS profile
Figure 2-129 Creating a URL filtering profile

eSight
Figure 2-130 Creating a file filtering profile
Figure 2-131 Creating a content filtering profile

eSight
Figure 2-132 Creating an application behavior control profile

eSight
Figure 2-133 Creating an email filtering profile
Device global configuration

l File Blocking
Figure 2-134 File Blocking
l Anti-Spam

eSight
Figure 2-135 Anti-Spam
Security policy analysis

l Redundancy analysis
Secure Center can analyze the redundancy of security policies configured on eSight and
firewalls. Using an efficient redundancy analysis algorithm, the Secure Center can obtain
the number of totally redundant policies, partially redundant policies, and non-redundant
policies. A maximum of 20 devices can be analyzed at a time. The analysis result is
displayed using a grouping histogram to show Top 5 devices with totally redundant,
partially redundant, or non-redundant policies.
Policy redundancy details are displayed in either of the following modes:
1. PDF file for a scheduled analysis task. The PDF file lists the distribution of all
interzone redundant policies in tables based on interzones and displays the policy
redundancy status (either total redundancy or partial redundancy). If a policy overlaps
with other policies, the overlapping information in these policies is displayed.
2. Web page for an immediately executed analysis task. You can query the policy
redundancy condition of a specific device or detailed redundancy condition of a specific
policy.
Figure 2-136 Policy redundancy analysis result
l Hit analysis

eSight
Secure Center can read the device policy hit data to analyze policy hit conditions for a
maximum of 20 devices each time. The policy hit analysis result is displayed based on
interzones in terms of the hit counts and details about public objects configured for the
policies.
The policy hit analysis can be displayed in either of the following modes: PDF file and web
page. The web page mode provides more interactive functions. You can query the policy hit
condition of a specific device.
Figure 2-137 Policy hit analysis result
l Risk analysis
Secure Center can check whether the security policies configured on eSight are risky. If
you synchronize data before executing the risk analysis task, Secure Center can analyze
the risks of security policies configured on the firewalls. Using a risk analysis algorithm
and based on the specified risk analysis rules, Secure Center calculates the number of
policies with high, medium, or low risks. In addition to default system-defined risk rules,
you can create user-defined risk rules. Secure Center can analyze the policy risks of up to
20 devices each time. The analysis result is displayed using a grouping histogram to
show top 5 devices and the number of high-risk, medium-risk, and low-risk policies. It
can also display the number of high-risk, medium-risk, and low-risk policies of all
selected devices in tables.

eSight
Figure 2-138 Creating a user-defined risk rule
Policy risk details are displayed in either of the following modes:

1. PDF file for a scheduled analysis task. The high-risk, medium-risk, and low-risk
policies of all selected devices are listed in a PDF file.
2. Web page for an immediately executed analysis task. You can query the high-risk,
medium-risk, and low-risk policies of a specific device. If needed, you can also query the
risk rule matched by a risky policy.
Figure 2-139 Policy risk analysis result
l Comprehensive analysis
Secure Center can comprehensively analyze firewall security policies. Based on the
comprehensive analysis result (number of redundant policies, risky policies, and
unmatched policies), Secure Center uses a health degree algorithm to provide a score for
policies on each firewall, helping the administrator understand the overall O&M
condition of firewall policies.

eSight
The comprehensive analysis task can be executed manually or periodically. The analysis
result is displayed as lists and pie charts. You can obtain the device policy overview and
historical curve of device's health degree and export the analysis result to a PDF report.
Figure 2-140 Comprehensive analysis result
Firewall Policy Management

l Public object configuration
You can create, delete, and modify public objects, such as address sets, time ranges, and
services in a centralized manner.

eSight
Figure 2-141 Creating an address set
Figure 2-142 Creating a time range

eSight
Figure 2-143 Creating a user-defined service
l Access control policy configuration

Secure Center provides the access control function. You can configure an access control
policy based on the source address, destination address, service, and time range and set
the action to permit or block.
You can create, delete, modify, and copy security policies for devices and device groups.

eSight
Figure 2-144 Creating a firewall security policy
l Content security policy configuration

Secure Center supports IPS and AV policy configuration to control the content security for
security zones, prevent hacker intrusion and virus spread, and secure enterprise networks.

eSight
Figure 2-145 Creating a content security policy
l Policy query
You can query policy deployment status and policy context (interzone policy priorities) on the
Security Policy page. Policies on the top are matched first.
Figure 2-146 Policy query page
l Policy deployment
Secure Center supports centralized and batch policy deployment. After centralized policy
configuration is complete, you can select physical or virtual firewalls and click Deploy to
deliver security policies in batches, reducing O&M workload and operation costs.

eSight
Figure 2-147 Security policy deployment
Figure 2-148 Policy deployment result
l Policy discovery
Secure Center supports centralized and batch policy discovery. You can synchronize policies
configured on managed devices to eSight.

eSight
Figure 2-149 Batch policy discovery
l Policy removal
Secure Center supports centralized and batch policy removal. When the network is
reconstructed or migrated, you can remove unneeded policies by one-click to secure
enterprise information.

eSight
Figure 2-150 Batch policy removal
NGFW policy management

l Security policy discovery
eSight can synchronize security policies from managed devices and save the policies locally.
eSight can synchronize data from multiple devices in a batch.

eSight
Figure 2-151 Creating a policy discovery task
Figure 2-152 Policy discovery result
l Security policy configuration

A security policy controls the device to forward traffic and perform integrated content
security detection.
You can create, delete, modify, copy, enable, or disable policies. You can configure
security policies for multiple devices or device groups.
You can add comments to security policies to record the personnel that deploy policies
and the policy delivery time.

eSight
Figure 2-153 Creating an access control policy

eSight
Figure 2-154 Creating a content detection policy
l Policy group configuration

You can add policies for the same usage scenario to the same group to facilitate policy
management. You can enable, disable, configure, and adjust policy groups.

eSight
Figure 2-155 Creating an NGFW security policy group
l Policy query
You can query policy deployment status and policy context (interzone policy priorities) on the
Security Policy page. Policies on the top are matched first. You can query policy group
information, including the deployment status and whether the policy group is enabled.
Figure 2-156 Policy query page
l Policy deployment
configuration is complete, you can select physical or virtual firewalls and click Deploy to
deliver security policies and security policy groups in batches, reducing O&M workload and
operation costs.

eSight
Figure 2-157 Policy deployment
l Bandwidth Management

eSight
Figure 2-159 Create Traffic Profile

eSight
Figure 2-160 Create Traffic Policy
l SSL decryption policy configuration

If you want to detect content security of SSL traffic, you need to configure SSL
decryption policies. You can create and deploy SSL decryption policies for a single
NGFW or a batch of NGFWs. You can create SSL decryption policies for physical and
virtual firewalls and device groups.

eSight
Figure 2-161 Configuring an SSL decryption policy
l Authentication policy configuration

You can create and deploy authentication policies for a single NGFW or a batch of
NGFWs. You can create authentication policies for physical and virtual firewalls and
device groups.

eSight
Figure 2-162 Configuring an authentication policy
l Attack defense configuration

You can create and deploy attack defense policies for a single NGFW or a batch of
NGFWs.
Attack defense is classified into distributed denial of service (DDoS) attack defense and
single-packet attack defense.
Configuring DDoS attack defense
DDoS attacks include SYN Flood, UDP Flood, ICMP Flood, HTTP Flood, HTTPS Flood,
DNS Flood, and SIP Flood attacks.
Configuring single-packet attack defense
If you want to prevent single-packet attacks, enable the single-packet attack defense function.

eSight
Figure 2-163 Configuring Anti-DDoS
Figure 2-164 Configuring single-packet attack defense
l ASPF configuration
ASPF filters the application-layer packets. That is, it is a stateful packet filtering method.
After ASPF is enabled, the NGFW can identify multi-channel protocols and provide
security policies accordingly.

eSight
Figure 2-165 ASPF configuration
NIP Policy Management

l Security policy configuration
A security policy controls the device to forward traffic and perform integrated content
security detection.
You can create, delete, modify, copy, enable, or disable policies. You can configure
security policies for multiple devices or device groups.
You can add comments to security policies to record the personnel that deploy policies
and the policy delivery time.

eSight
Figure 2-166 Creating an NIP security policy
l Policy group configuration

You can add policies for the same usage scenario to the same group to facilitate policy
management. You can enable, disable, configure, and adjust policy groups.
Figure 2-167 Creating an NIP security policy group
l Policy deployment
configuration is complete, you can select physical firewalls and click Deploy to deliver
security policies and security policy groups in batches, reducing O&M workload and
operation costs.

eSight
Figure 2-168 Policy deployment
l Attack defense configuration

You can create and deploy attack defense policies for a single NIP device or a batch of
NIP devices.
Attack defense is classified into distributed denial of service (DDoS) attack defense and
single-packet attack defense.
Configuring DDoS attack defense
DDoS attacks include SYN Flood, UDP Flood, ICMP Flood, HTTP Flood, HTTPS Flood,
DNS Flood, and SIP Flood attacks.
Configuring single-packet attack defense
If you want to prevent single-packet attacks, enable the single-packet attack defense function.

eSight
Figure 2-170 Configuring Anti-DDoS
Figure 2-171 Configuring single-packet attack defense
2.15.19 LogCenter Management

eSight LogCenter is a unified security service management system developed by Huawei for
telecom carriers and industry customers. Characterized by high integration and reliability,

eSight
eSight LogCenter offers comprehensive logs analysis and audit functions over Huawei
security products.
Unified Log Management and Analysis

With a large number of routers, switches, and firewalls deployed on internal networks,
enterprises are facing a series of problems in unified log management, such as inconsistent log
formats, poor readability, and difficulty in massive log storage. The normal NMS finds
difficulty in discovering potential security risks from logs in real time.
LogCenter implements unified log management and provides multiple log collection methods
to collect Syslogs, session logs, SFTP logs, FTP static files, and FTP dynamic files. After logs
are collected from application systems and NEs, eSight LogCenter can classify, filter,
consolidate, analyze, store, and monitor the logs. These functions enable administrators to
manage massive logs in a more efficient manner to obtain the running conditions of network
and security devices, learn Internet user behavior, and quickly identify and eliminate security
threats.
In addition to unified log management, eSight LogCenter generates alarms in real time when
detecting exceptions from logs.
NAT-based Traceability
eSight LogCenter provides Network Address Translation (NAT)-based traceability of Internet
user behavior. When tracing Internet user behavior, eSight LogCenter collects session logs
from network and security devices such as MA5200G, NE40E/80E, and USG firewalls. Then
eSight LogCenter analyzes the logs in combination with user data sources (such as the AAA
server) to obtain NAT information. NAT information includes the destination IP address,
destination port, source IP address, and protocol.
Internet Behavior Management

In the Internet behavior management scenario, eSight LogCenter collects and analyzes session
and security logs of devices (such as USG firewalls) to learn Internet user behavior (such as
P2P, email, HTTP, MSN, and QQ services). Then eSight LogCenter queries and analyzes
users' Internet traffic, online time duration, keywords, web access, email sending and
receiving, application usage, network threats encountered, and file transfer operations.
Administrators can use the analysis results to manage Internet user behavior.
2.15.20 SVF Management

Super virtual fabric (SVF) is a vertical virtualization technology that virtualizes devices at the
core, aggregation, and access layers into one device for centralized device management. This
reduces the number of managed devices, simplifies operation and maintenance (O&M)
scenarios, and improves O&M efficiency.
Administrators can manage the SVF capabilities of agile switches and CE switches to
implement device monitoring, user management, and service deployment on SVF networks.
Unified Device Monitoring

eSight treats an SVF network as one device to uniformly manage and monitor wired and
wireless devices on the network.

eSight
An SVF network is displayed as one device in the topology and panel, which facilitates
centralized management of device running information and alarms on the entire network. The
information includes the running status of parent and client devices and connection status of
links between SVF members.
Unified User Management

Administrators can uniformly manage wired and wireless users connected to SVF networks.
They can also view the ASs to which wired users connect and the APs to which wireless users
connect, and perform fault diagnosis for wireless users.
l Template Management
Administrators can create, modify, and delete SVF service templates.
l Service Configuration
eSight provides three configuration matrixes to instruct users to quickly deploy SVF services,
the matrixes are SVF system configuration matrix, SVF port configuration matrix, and SVF
maintenance and configuration matrix.

eSight
2.15.21 Zero Touch Provisioning

After new switches are installed and powered on, they start the zero touch provisioning (ZTP)
process to automatically load system files such as configuration files, software packages, and
patch files. The network administrator does not need to commission the switches on site.
Making Required Files

After required files including configuration templates, software packages, patch files, and
license files are made, eSight can match required files with devices to implement topology
plan-based or device ID-based deployment.
Figure 2-172 Making required files
Topology Plan-based Deployment

eSight allows users to draw and modify network topologies and matches and delivers required
files to deploy unconfigured devices.

eSight
Figure 2-173 Topology planning
Figure 2-174 File matching

eSight
Figure 2-175 Topology comparison
Figure 2-176 Device deployment
Device ID-based Deployment

Users can create devices, match required files, and then perform deployment and activation
operations to deploy unconfigured devices by the MAC address or ESN.
Figure 2-177 Creating devices

eSight
Figure 2-178 Matching required files
Figure 2-179 Deploying devices
Figure 2-180 Activating devices
Faulty Device Replacement

Users can replace faulty devices in the physical topology using configuration files of faulty
devices or ZTP templates.
Figure 2-181 Faulty device replacement entrance

eSight
Figure 2-182 Setting faulty device replacement information
Figure 2-183 Creating a faulty device replacement task
2.15.22 eSight Mobile Management
2.15.22.1 Device 3D
The device 3D app allows you to download and install the apps of the specified device types
to view description and 3D appearance of devices, facilitating material promotion to mobile
terminals.
Currently, the device 3D app supports 44 types of devices, including switch, router, firewall,
and server.
Material Display by Device Type

The device 3D app classifies device materials by the device type, such as switch, router,
firewall, and server. You can click a specified device type to view detailed description and 3D
appearance.

eSight
Adding to Favorites
If you are interested in materials of a specified device type, you can add the materials to
Favorites. When you open the app the next time, you can directly view materials in
Favorites.

eSight
Downloading, Installing, and Uninstalling Apps

You can download, install, and uninstall apps of specified device types. After the installation
is complete, a message is displayed asking whether you want to delete the source file.

eSight
Association with eSight

On the NMS Synchronization screen, you can download and view materials of devices that
have been added to eSight, and add the materials to Favorites.
2.15.22.2 Region Monitor

eSight provides a region monitor app that can be installed on mobile terminals to monitor the
WLAN network quality by region.
l You can follow a region to monitor user experience information in the region, including
the receive rate, association success ratio, and user offline ratio.

eSight
l You can view detailed information about a region, including user experience counters in
this region and basic information about its lower-layer regions.
l You can view information about root cause counters associated with user experience
counters.

eSight
l You can view counter details to obtain troubleshooting suggestions.
2.15.22.3 360-Degree WLAN Monitoring
The 360-degree WLAN monitoring app monitors wireless network quality from the
perspective of client, AP, and AC.

eSight
l Displays user experience information and key counters by AC.

l Displays client details and allows you to query associated ACs and APs and start fault
diagnosis.
l Displays details about ACs, AP, and clients to obtain the current counter values and
suggestions.

eSight
l Displays the detailed user roaming history.

eSight
2.15.22.4 Terminal Diagnosis

The fault diagnosis app diagnoses wireless network quality on the user side. If detecting any
exception, the system displays potential problems and gives suggestions for you to rectify the
exception.

eSight
2.15.22.5 Homepage Picture Customization

l You can customize a homepage picture for the monitoring center.

eSight
l You can customize homepage picture details for the monitoring center.
2.15.22.6 Zero Touch Provisioning

The zero touch provisioning app assists eSight to implement zero touch provisioning. You
need to plan devices' location information (that uniquely identifies each device)on eSight and

eSight
map location information with deployment files. Hardware installation personnel log in to the
app to download location information and general configurations from eSight. Hardware
commissioning personnel scan device ESNs and upload location information and scanning
results to eSight to form the mappings between ESNs and deployment files.
The zero touch provisioning app allows you to view planned deployment tasks by the device
or task.

eSight
Select a specific task to view all devices in the task.

eSight
Select a specific device to view device details.

eSight
Click the device ID and the scanning icon next to Remarks on the device details page to
switch to the scanning page. On this page, you can scan QR code or bar code.

eSight
After scanning is complete, click Upload at the bottom of the device or task list to upload
information to eSight.

eSight
Click Download at the bottom of the device or task list to download deployment data to the
app.

eSight
2.15.22.7 SDK
eSight Mobile releases the open SDK to allow enterprises or third parties to develop their own
applications based on service needs, building a win-win ecosystem.
2.15.22.8 iPCA
eSight Mobile releases the iPCA application to provide the iPCA capability on mobile
terminals. The application enables users to create, manage, and view iPCA tasks and perform
hop-by-hop network quality measurement on terminals.
iPCA task list and management on terminal

eSight

eSight

eSight
eSight Mobile supports hop-by-hop diagnosis and displays data in real time.

eSight

eSight
Users can select the source and destination nodes to create a task.

eSight

eSight
2.15.23 PON Management

The PON Manager is a functional module to discover GPON access network resources and
monitor networks. Based on GPON service features, the module focuses on GPON fault
monitoring.
l ONU port communication status monitoring: Monitor ONU Ethernet port status to
indirectly monitor the communication status of terminals mounted to the ONU.
l ONU monitoring: ONU faults are primarily power off and board faults.
Monitor ONU running status (the port running status): online, power off, short fiber,
offline. Board faults will be reflected on the port.
l Line monitoring:
Line faults are frequently-used GPON faults, including fiber cut and optical module
fault.
– Monitor the operating environment of an optical module: power voltage, current,
and temperature, and the power of an optical module
– Monitor line quality: LOFI alarm quantity, number of blocks uncorrected by the
upstream FEC, number of BIP error frames, frame loss rate, and bit error rate
– Monitor the OLT UNI port status.
l OLT monitoring: The OLT is placed in the customer's equipment room and has relatively
few faults, primarily board faults. These faults can be monitored through the port status.
l OLT upstream port monitoring: Links between the OLT and switches monitor the link
traffic, for example, high bandwidth usage or packet loss arising from capacity
expansion.
Overview
eSight displays PON-related overview in graphics. The current version displays ONU status
statistics in a pie chart.
OLT Resource Management

eSight displays the OLT device list in a resource table. Users can search for basic OLT
information by OLT name and IP address. Users can synchronize the following OLT
information to eSight: GPON ports, optical modules, and ONUs mounted to the OLT. Users
can also jump to the physical topology from the resource table, and locate the OLT in the
network and check connection relationships between upstream switches. In addition, users can
click a name link to the OLT manager and check details about the OLT.
Optical Splitter Resource Management

eSight displays the optical splitter list in a resource table. Users can search for basic
information about optical splitters by OLT name and IP address. Users can add, move, delete,
and modify optical splitters. Users can also import optical splitters in batches.
ONU Resource Management

eSight displays the ONU list in a resource table. Users can search for basic information about
ONUs by OLT name and IP address. Users can move a single ONU record and change ONU
alias. In addition, users can click a name link to the ONU manager and check details about the
ONU.

eSight
ONU Topology
Users can click the PON port of the OLT to display connection relationships under the PON
port. This feature intuitively displays OLT ports and ONU status (online, offline, and alarm)
to users.
PON Portal
eSight allows users to customize the PON service portal and intuitively displays performance
indicators for users to learn about the running status of PON services. Indicators include:
TopN OLT Ethernet port receive/transmit bandwidth usage, TopN OLT Ethernet port receive/
transmit packet loss, total number of OLTs and resource status quantity, total number of
ONUs and resource status quantity, and TopN LOFI alarms.
2.15.24 AR Voice Management

eSight offers the following AR voice functions: signaling tracing, trunk tracing, call traffic
statistics, user resource statistics, and automatic NE connection.
Signaling Tracing
Signaling tracing is used to trace and monitor the protocol messages, connection of port
signaling links, and service flows dynamically and in real time. With signaling tracing, users
can know the signaling cooperation, facilitating fault location.
Trunk Tracing
With trunk tracing, users can learn about trunk information in real time.
Call Traffic Statistics

With call traffic statistics, users can collect traffic information about global, trunk incoming,
and trunk outgoing calls placed through ARs.
User Resources Statistics

With user resources statistics, users can learn about the number of callers, total users, and call
rate in real time to facilitate AR management.
Automatic NE Connection
With this function, eSight automatically creates NE connections in the topology.
Figure 2-184 Automatic NE connection

eSight
2.16 Storage Management
2.16.1 Storage Device Management

eSight provides unified management for devices of multiple types and vendors in a graphic
manner, improving O&M efficiency and lowering technical requirements for O&M personnel.
Internal Components Management of Storage System

eSight provides an intuitive view of mappings among physical and logical components of the
storage system. On the view, the device status is clear, facilitating fault locating and service
recovery.
l Block storage: logical relationship between front-end ports, controllers, RAID groups,
LUNs, and disks
Figure 2-185 Logical relationship (block storage)
l File storage: Shows logical mappings among front-end ports of NAS engines, NAS
engine nodes, file storage pools, data disks, and LUNs and disks of storage units.

eSight
Figure 2-186 Logical relationship (file storage)
Capacity Usage Management of Storage Systems

l Block storage: capacity usage management of storage devices, disks, block storage
pools, and unmapped LUNs
Figure 2-187 Capacity usage management (block storage)
l File storage: capacity usage management of storage devices, file storage pools, data
disks, and unshared file systems
Figure 2-188 Capacity usage management (file storage)
Storage System Health Management

eSight analyzes storage device operating status from performance loads, abnormal indicators,
and alarm tendency and scores the health status of storage devices. This function helps detect
system performance bottlenecks and operation risks in advance and greatly improves
efficiency.

eSight
Figure 2-189 Storage system health status
Storage Network Analysis

eSight provides a professional monitoring and analysis tool designed for SAN and NAS
networks. This tool provides functions including automatic discovery of storage network
topologies, central monitoring of alarms on storage networks, and monitoring and comparison
of storage link performance. Global and custom topologies are supported. This tool drills data
to display storage resource views, storage mapping views, host path views, and logical
mappings of hosts. Those views help users to implement multi-level monitoring and analysis
of storage paths.
l Storage network topology: Monitors the full-stack topology of the storage network
where hosts, network devices, and storage devices reside. Custom topologies are
supported.

eSight
Figure 2-190 Global topology
l Host path view: Monitors physical storage paths and displays complete paths among
hosts, host disks, HBA ports, switches (ports), front-end disk array ports, disk array
controllers, disk arrays, and volumes (LUNs).
Figure 2-191 Host path view
In the global and user-defined topology, you can click an NE or link (available to the
global topology only) to view the historical and real-time performance indicator trend
chart of the NE or link, facilitating fault location and data analysis.

eSight
Figure 2-192 NE performance
Figure 2-193 Link performance
Customized Storage Management

eSight allows users to manage non-Huawei storage devices by customizing the following
items in a graphical manner:
l Alarms
l Performance indicators
l Concerned data

eSight
When the customized devices take effect, add the devices to the NMS by automatic discovery,
singly, or in batches.
2.16.2 Storage Capacity Management

The eSight Storage Capacity Manager centrally analyzes capacity information and provides
capacity statistics, hotspot statistics, and capacity trend forecast. Capacity usage in one week,
two weeks, three weeks, and one month can be forecast to help users in capacity expansion.
Host capacity management

The host capacity management consists of hotspot statistics, capacity summary, and capacity
trend forecast.
Host hotspot statistics display all discovered hosts in lists and show current capacity usage
and capacity usage forecast in the next one month.

eSight
Capacity summary shows the used capacity and allocated capacity of hosts' databases and file
systems. Capacity trend forecast provides the capacity usage trend in the next one month.
2.16.3 Batch Storage Allocation

The eSight unified storage resource management platform allows users to create storage
pools, LUNs, and host mappings for a variety of storage devices in batches, achieving unified
storage resource allocation and management. When newly connected storage devices or hosts
with pre-allocated resources are are large in scale, storage devices to be allocated must be
planned in a centralized manner. Users can download templates to perform multi-task
configurations. In the same task, the system can create storage resources as storage pools with
the same specifications, divide LUNs, and map to specific hosts.
The system supports two storage configuration modes: web and custom script. Users can
choose either of the modes based on actual needs. After the creation, configuration tasks can
be saved as frequently-used tasks to be directly used next time.
Web Mode
In the web mode, users can create storage pools, LUNs, and host mappings.

eSight
Figure 2-194 Resource allocation
To configure resources for devices with different specifications and requirements, users can
use the templates to create multiple resource configuration tasks, performing batch resource
configuration.
Figure 2-195 Template configuration
Custom Script Mode

In the custom script mode, users can run custom configuration scripts on storage devices to
flexibly configure devices. Users can perform custom configurations over the hard disk
domains, storage pools, LUNs, hosts, host groups, port groups, mapping views, file systems,
and sharing rights.

eSight
Figure 2-196 Custom configuration
2.17 Server Management
2.17.1 Device Management

eSight offers a variety of server management functions, such as centralized server fault
monitoring, performance analysis, and virtual media integration tool. These functions greatly
improve O&M efficiency while reducing costs.
Basic Server Information
Figure 2-197 Basic Server Information
l Overview
– Displays basic server information and health status.
l Component information
– Displays basic component information and health status.
– The device view visually displays server rack graphs and displays basic server
information and health status.

eSight
– Component information can be automatically refreshed.

l Tool
– Tools offer KVM and virtual media functions.
Alarm Monitoring
eSight centrally manages alarms for all the managed devices, supports alarm reporting,
queries, and notification processing, and processes component insertion and removal events as
alarms.
Figure 2-198 Alarm Monitoring
Performance Analysis
eSight analyzes the following performance counters: server power consumption.
Customized Server Management

eSight allows users to manage non-Huawei servers by customizing the following items in a
graphical manner:
l Server alarms
l Server performance indicators
l Concerned data
When the customized servers take effect, add the servers to the NMS by automatic discovery,
singly, or in batches.

eSight
2.17.2 Server Stateless Computing Management

The eSight Server Stateless Computing Manager abstracts server hardware configurations as a
file to flexibly change server configurations, enhancing server replacement and capacity
expansion efficiency.
Quick Start
Stateless computing provides a quick start, guiding users to define server configurations step
by step and configure a logical server. When the configuration is complete, the configuration
can be loaded into specific servers for activation.
Figure 2-199 Quick start for stateless computing
Pool Configuration
A pool defines the network adapter, HBA card, and UUID ID information to dynamic manage
IDs.

eSight
Figure 2-200 Pool configuration
Adapter
The adapter is used to define HBA, CNA, and RAID configurations. Creating a profile
requires an adapter to define adapter information on a logical server.
Figure 2-201 Adapter configuration
BIOS Policy
Users need to define BIOS policies. Creating a profile requires a BIOS policy to define BIOS
configuration on a logical server.
Figure 2-202 BIOS policy configuration

eSight
Profile Configuration File

Users can use a profile to flexibly combine BIOS policies and adapter information to form an
available server with new configurations.
Figure 2-203 Profile sample
Device Set
A device set is used to manage stateless computing devices by category. Users can use a
device set to associate and activate devices and profile files. After activation, hardware
configurations in the profile will apply to devices.
Figure 2-204 Stateless computing device set
Device Group
This function allows users to manage devices by group. Devices within a group share a profile
to load server configurations in batches.
Figure 2-205 Stateless computing device group

eSight
2.17.3 Server Deployment Management

The eSight Server Deployment Manager allows users to configure the following information
about Huawei servers in batches: BIOS configuration, network configuration, RAID card
configuration, operating system deployment, HBA, and CNA, as well as VLANs, stacks, and
user-defined commands of E9000 switch boards.
Configuration Template
The configuration template is used to create and manage deployment-related templates. A
configuration template is used to quickly create configuration files.
Figure 2-206 Configuration template
Configuration Task Management

Users can implement, stop, delete, modify, and view configuration tasks.
Figure 2-207 Configuration task management
Software Source Management

With software source management, users can manage system mirroring files required during
operating system deployment.
Figure 2-208 Software source management

eSight
2.17.4 Firmware Version Management

eSight provides Huawei servers with firmware upgrade services, covering server BIOS,
RAID, iMana, CNA, FPGA, LCD, MM, PCIe SSD, NVDIMM, and IB adapter, as well as
Fabric, BMC, and CPLD of E9000 switch boards.
Upgrade Package Management

Users can upload required firmware upgrade packages and manage the uploaded packages in
a unified manner.
Upgrade Task Management

Users can execute, stop, delete, and modify upgrade tasks and view the task results.
2.18 Virtual Resource Management

eSight allows users to centrally monitor and manage a variety of computing virtual resources,
including VMware ESX/ESXi Server, Huawei FusionCompute, and FusionAccess. Managed
objects include clusters, virtual servers, VMs.
eSight offers virtual resource management functions, and integrates entries for information
query, maintenance, and operation of a single NE to one page, which facilitates monitoring
and maintenance of a single NE.
Cluster Management
l Displays basic cluster information in a list, and display details on the details page.
l Displays basic information and details about a virtual server within a cluster.
l Displays statistics about the capacity of a selected cluster, as well as the status of virtual
servers and VMs within a cluster.

eSight
l Quickly searches for virtual servers within a cluster by criteria.

l Checks the host routing table of a selected virtual server to quickly locate network
problems related to host routing.
Figure 2-209 Cluster management
Virtual Server Management

l Displays basic virtual server information in a list, and display details on the details page.
l Displays basic information and details about a VM within a virtual server.
l Displays statistics about the capacity of a selected virtual server, as well as the status of
VMs within a virtual server.
l Quickly searches for VMs within a cluster by criteria.
l Checks the host routing table of a selected virtual server to quickly locate network
problems related to host routing.

eSight
Figure 2-210 Virtual server management
VM Management
l Displays basic VM information in a list, and display details on the details page.
l Provides a VM hyperlink for users to check VM details on the NE manager.
l Quickly searches for VMs by criteria.
l Provides mapping topologies between virtual components (VM disk and network
adapter) and physical resources (storage devices and servers), and updates component
status and performance data in real time.
l Provides connection topology management over virtual servers and storage devices
related to VMs, presenting the traffic path for data flows of VM services via the data
center egress.
l Supports global search and quickly locates resource instances, including clusters, virtual
servers, and VMs.
l Performs particular monitoring over specific VMs. Users can quickly locate clusters,
virtual servers, and VMs with top N CPU usage, memory usage, and hard disk loading,
facilitating resource monitoring and fault locating.

eSight
Figure 2-211 VM management
2.19 Application Management

eSight manages a variety of applications, including mainstream operating systems, databases,
middleware, application servers, email services, and web services.
The following table lists applications that can be managed by eSight.
Type Application
Operating system Windows
Linux
Solaris
FreeBSD
OpenBSD
IBM AIX
IBM AS400
SCO Unixware
SCO OpenServer
Database DB2
Informix
MySQL
Oracle

eSight
Type Application
SQLServer
Sybase
DM database
Middleware IBM MQ
MS MQ
MicroSoft SharePoint
Weblogic Integration
Application server GlassFish
Jboss
Tomcat
MicroSoft .Net
Resin
Weblogic
WebSphere
Web service Apache HTTP Server
Microsoft IIS
Network service
Web page
Web URL sequence recording monitoring
Email service Microsoft Exchange
SMTP, POP mail server
System service Active Directory
LDAP
DNS
FTP
Application Monitoring
l Provides application resource overview to present the health status and key indicators of
a variety of application resources. Users can customize information to display, and
configure the automatic refresh period of monitoring information.

eSight
l Provides application resource summary to present the quantities of application resources

by type. Users can click a resource type to view the resource list.
l Provides the application resource details view to aggregate and present application
resource details and monitoring data.
Business View
eSight can manage application resources as services in topologies. In topologies, you can
clearly view the relationships between application resources, such as servers, middleware, and
databases. You can also view alarm status of IT resources and perform common maintenance
operations, for example, viewing alarm and application information.
l Topologies can intuitively show mapping between resources and services to achieve
quick and accurate fault location.

eSight
l eSight provides a clear overview for administrators about the running status of the
overall service system, such as the downtime, availability, mean time to repair(MTTR),
and mean time between failures (MTBF).
Threshold Alarm
eSight triggers alarms when an indicator of application resources meets the specified
conditions. As for the same indicator, eSight generates alarms of different severities based on
the value of the indicator.
eSight pre-integrates 10 types of alarm threshold schemes based on different services of

application resources. Users can modify default schemes or create new threshold schemes.
Application Report
During the operation, eSight collects a large amount of data and saves it to the database. The
database then summarizes, analyzes, and calculates the data, and exports graphical reports that
are easy to understand. These reports help maintenance engineers analyze the IT environment
and give support for system optimization and capacity expansion.
eSight provides seven types of reports:
l Performance statistics report

Daily, weekly, and monthly perform statistics reports can be generated according to the
device or application type, such as network device, link, server, database, and
middleware.

eSight
l Performance comparison report

Performance comparison reports can be generated in two ways: (1) Performance of the
same resource in different time segments: You can select a resource (such as a server,
switch, or database) and different time segments to compare the resource's performance
in these time segments. (2) Performance of different resources in the same time segment:
You can select multiple resources (such as several servers, switches, or databases) and a
specified time segment to compare their performance in the time segment.
l Performance trend report
The performance trend report intuitively presents the trend of an IT resource's historical
performance data in different time segments. To generate a performance trend report for
a resource, add the resource to a resource group by type or location and click the
resource name in the navigation tree.
l Customized report
Customized reports have the highest flexibility. You can create report templates for
different purposes. To generate a report, click the report generation button in the report
template. The system then automatically generates a report as specified.
When creating a report template, you can set the report title, statistical period, data
source (indicating the resources to be monitored, such as network devices, servers, and
databases), and statistical indicators (select only the most frequently used and most
concerned ones).
l Top N report
Multiple Top N reports are available, covering the ICMP response delay, ICMP packet
loss rate, CPU usage, memory usage, system load, database increment, database buffer
hit rate, and tablespace data increase. You can also create a Top N report by specifying
statistical criteria, such as the data source, number of data items, and time segment.
l Availability report
The availability report collects statistics on availability of all monitored resources in a
specified time segment. The statistics include the continuous running time, downtime,
number of shutdown times, proper running percentage, MTTR, and MTBF. In this
report, the resources can be sequenced by an indicator in ascending or descending order.
In this way, you can locate the lowest-availability resource at a glance.
l Resource report
The resource report shows the types and quantities of monitored resources(including
devices, servers, database, and middleware) in a bar chart.
2.20 Infrastructure Management

The eSight Facilities Infrastructure Manager provides comprehensive management functions
for the data center infrastructures, including:
l Power equipment: The power equipment includes precision air conditioners,

uninterruptible power systems (UPSs), power distribution frames (PDFs), and AC
transfer switches (ATSs). The eSight Infrastructure Manager allows you to view real-
time data of power equipment, such as the operating status, parameters, and alarm
information.
l Engine room air conditioning:
The eSight Facilities Infrastructure Manager allows you to remotely start or shut down a
precision air conditioner, and change the temperature and humidity thresholds.

eSight
l Cabinet: The eSight Facilities Infrastructure Manager manages the micro-environment of

a cabinet. This allows you to view cabinet environment information and learn about the
usage of resources, such as space, power supply, heat dissipation, and loads.
l Environment: The eSight Infrastructure Manager uses collectors to monitor environment
parameters, such as smoke, temperature, humidity, and water leakage, in a data center.
This allows you to view smoke density, temperature, and humidity in the data center or
its modules in real time.
l Security equipment:
The eSight Infrastructure Manager supports the access and management of cameras, and
real-time video browsing, storage, and playback.
l Access Control System: This is an integrated access card-based user management
solution, making the access right controllable and auditable.
View Management
The eSight Infrastructure Manager provides views displaying the positions and operating
status of all the devices in the data center. This function allows you to monitor the devices in
real time.
Energy Efficiency Analysis

Provides the power consumption statistics, PUE, electricity cost counting, power consumption
reports, and historical power consumption data analysis. You can query power consumption
status of various management domains, such as IT equipment, lighting facilities, and the total
power consumption. In this manner, you are provided with the real-time power consumption
status, historical power consumption status, and power consumption distribution of each
subsystem, helping optimize the power consumption of the data center.
l Energy consumption assessment on a layer or level basis

You can customize consumption nodes in districts and equipment rooms in the power
distribution view to calculate energy consumption of various layers or levels.
l Dashboard display of energy consumption analysis
One page fully demonstrates all power efficiency information of one management
domain.
l Historical data analysis
You are allowed to query the historical data of a certain period to analyze the power
consumption trends.
l Multistep electricity price
The energy consumption cost of the data center can be vividly displayed.
l You can customize tariff strategies, add monthly or time period-based tariff strategies,
and modify or delete tariff strategies.
Video Management
The video management develops the following functions:
l eSight can connect to IP cameras.
l eSight can also independently deploy video integration over the web user interface
(WebUI).

eSight
l eSight allows you to view real-time videos, query video source configurations, and save
the configuration information.
l Camera management
You can create or delete a camera, query cameras based on the name or IP address, view
detailed information about a camera, such as the name, No., recorded location, supplier,
IP address, model, and status, and modify the information.
Report Management
eSight provides resources, performance, energy consumption, and capacity statistics reports:
l Presents reports in graphics, such as curves, histograms, and pie charts.
l Allows you to export reports as an Excel or PDF file and print reports for analysis.
l Allows you to modify the report storage capacity and upload customer logos.
l Generates reports based on tasks, saves periodic reports in a report storage disk, and
sends reports by email as configured.
Access Control
The eSight Infrastructure Manager provides an access control system that manages access
controllers and access control card holders of cabinet-level access controllers.
l Access control: provides an access control system that manages access controllers and
event monitoring. The access management function enables you to configure IP
addresses for access controllers and configure the management server.
l The time management function enables you to manage the access control in the specified
time periods or holidays.
NOTE
The cabinet-level door status sensor does not support the time management function.
l The user management function enables you to manage the users and user groups.
Capacity Statistics and Analysis

eSight provides capacity statistics and analysis to stay informed of facilities information and
support decision-making.
l Rack and cabinet location, capacity of power distribution, cooling, and weight bearing
can be collected and analyzed.
l Capacities can be synchronized based on the expansion and migration.
Capacity Optimization Design

Optimize the configuration of the cabinet based on the properties of devices:
l Design device migration, addition, and change scenarios.
l Analyze device relocation and automatically allocate optimized resources.
Temperature Map
The overall temperature distribution of the equipment room is clearly displayed.
The cold and the hot spots can be effectively identified:

eSight
l The analyses of temperature distributions on top, middle, and bottom levels are
available.
l Place the mouse where you want to query and temperature and related device
information can be displayed.
l The top 5 high temperatures and top 5 low temperatures can be analyzed.
Linkage Control
This function helps improve O&M service quality in an IDC. The following two linkage
controls are available:
l Modular data center skylight ceiling linkage control

l Container data center humidifier linkage control.
2.21 Collaboration Management
2.21.1 Unified Communications Management

eSight provides unified communications (UC) management capabilities that offer an array of
operation, administration, and maintenance (OAM) functions for the UC system. These
functions include simplified UC device configuration, wizard-based service installation and
configuration, one-stop service deployment, end-to-end visual network surveillance, and
intuitive display of fault information.
NOTE
To use these functions, users must have eSight EC/CC Device Manager installed.
2.21.1.1 IP PBX Management

eSight can manage IP private branch exchanges (PBXs) and provides functions including
default subnet creation, IP PBX connection, device management, service management,
configuration management, alarm management, performance management.
Connecting an IP PBX to eSight

eSight provides three methods to connect IP PBXs to it:
l (Recommended) Batch import: After you specify the IP address, port number, login user
name, and password of each IP PBX that you want to connect to eSight in a template, the
IP PBXs can be imported to eSight in a batch.
l Automatic discovery: eSight can use the automatic discovery function to add IP PBXs
automatically.
l Manual configuration: You can manually add IP PBXs to eSight one by one.
Device Management
l Device Information
Used to view detailed IP PBX information, including the system, license, version, and patch
information.

eSight
l Ping Test
Used to test the network connectivity between an IP PBX and other devices on the network.
l Signaling Tracing
Used to monitor protocol messages, signal link connection on ports, and service flows in real
time, which helps in fast fault location.
l Traffic Statistics
Used to collect statistics on global Real-Time Transfer Protocol (RTP) messages, Session
Initiation Protocol (SIP) sessions, SIP sessions on the outgoing trunk, SIP sessions on the
incoming trunk, and duration of a SIP session.
l Command Tree
Used to display common IP PBX commands in a tree structure.
l Configuration Backup and Restoration
Used to back up and restore the IP PBX configuration data.
l Operation Log
Used to record user operations and results.
l Run Log
Used to record logs of the info, warning, and error levels during the IP PBX operation.
l Device Panel
The IP PBX panel provides a device simulation graphical user interface (GUI) where you can
manage IP PBX's components, for example, boards.
l Trunk Tracing
Used to query the number of trunks that are occupied in real time and the number of trunks
that were occupied during a historical period, which facilitates trunk monitoring and
expansion.
l DSP Tracing
Used to query the number of Digital Signal Processor (DSP) resources that are occupied in
real time and the number of DSP resources that were occupied during a historical period.

eSight
l Patch Management
Used to view, load, activate, deactivate, save, delete, and update patches of the IP PBX
boards.
l Voice Quality Abnormality
When an IP PBX detects voice quality abnormality, it actively reports the abnormality and
voice quality parameters to eSight through Trap messages. eSight saves voice quality data
independently for further analysis or exports the data in files.
Service Management
IP PBX resource statistics contains Primary Rate Adaptation (PRA) resource statistics, user
resource statistics, and DSP resource statistics.
l PRA Resource Statistics
A PRA trunk is a digital circuit trunk that uses E1 or T1 trunk cables to connect to peer
devices. PRA resource statistics help you learn PRA resource usage on IP PBXs in real time.
l User Resource Statistics
User resource statistics help you learn the number of calling users, total number of users, and
call rate to facilitate IP PBX management.
l DSP Resource Statistics
DSP is a micro processor that is dedicated to processing digital signals in real time. DSP
resource statistics help you learn DSP resource usage on IP PBXs in real time.
Voice Quality Abnormality
When an IP PBX detects voice quality abnormality, it actively reports the abnormality and
voice quality parameters to eSight through Trap messages. eSight saves voice quality data
independently for further analysis or exports the data in files.
You can configure SIP trunks, active and standby servers, and software parameters for IP
PBXs in a batch.
Alarm Management
For details, see Alarm Management in Functions and Features.
Performance Management
For details, see Performance Management in Functions and Features. Major performance
counters include CPU and memory usage and usage of service resources such as conference
resources.
Large Screen Management

eSight displays E1 resource usage of IP PBXs on a large screen.

eSight
2.21.1.2 U2900 Management

eSight can manage U2900 devices and provides functions including default subnet creation,
U2900 device connection, device management, certificate management, alarm management,
and performance management.
Introduction to the U2900

The U2900 series consists of the U2980 and U2990. Two types of NEs are connected to the
U2900, and they are Carrier-Grade Device Environment (CDE) and universal access platform
(UAP). When you add a U2900 on eSight, the CDE and UAP connected to the U2900 are
added to eSight automatically.
Connecting a U2900 to eSight

U2900 devices use the operation and maintenance unit (OMU) to connect to eSight. You can
only manually add U2900 devices one by one and do not need to set device protocol
parameters.
Device Management
eSight allows you to view the following information on the simulated device panel:
l Real-time status of boards and servers
l Time sequence of a Circuit Interface Unit (CIU) board

eSight

eSight
For more information about the U2900 device panel, see the Product Documentation of the
U2900.
Certificate Management
When any certificate needs to be updated or customers want to use their own certificates, you
need to upload new certificates. The certificate management function for the U2900 allows
you to replace the built-in certificate files of eSight. After certificates are updated, U2900
series devices can obtain the new certificates from eSight.
Alarm Management
For details, see Fault Management in Functions and Features.
For details, see Performance Management in Functions and Features.
2.21.1.3 USM Management

eSight can manage USM devices and provides functions including default subnet creation,
USM device connection, device management, performance management, and alarm
management.
Connecting a USM Device to eSight

USM devices use the OMU to connect to eSight. You can only manually add USM devices
one by one and do not need to set device protocol parameters. You can perform alarm and
performance management for USM devices on eSight only after they are added to eSight.
Integrated Software and Hardware Management

eSight displays KPI information of USM's distributed servers as well as the key service
running status on the homepage of the USM Device Manager. KPI information includes the
CPU, memory, disk, and network interface usage.
Alarm Management
2.21.1.4 IAD Management

eSight can manage integrated access devices (IADs) and provides functions including default
subnet creation, IAD connection, device management, configuration management, alarm
management, and performance management.
Connecting an IAD to eSight

eSight provides three methods to connect IADs to it:

eSight
l (Recommended) Batch import: After you specify the IP address, access gateway, user
name, and password of each IAD that you want to connect to eSight in a template, the
IADs can be imported to eSight in a batch.
l Automatic discovery: After you configure the IP address of eSight on IADs, eSight can
automatically discover the IADs.
l Manual configuration: You can manually add IADs to eSight one by one.
Device Management
l Basic Configuration
– Network Parameters
Used to set the IAD network parameters, including the IAD IP address, subnet
mask, gateway, and DNS.
– NMS
Used to set the parameters for connecting IADs to eSight, including the eSight IP
address, read/write community, port, and handshake interval.
– Device Time
Used to set the IAD time. You can manually set the IAD time or set the IAD time to
the current time on eSight.
l Advanced Configuration
– Protocol Switching
Used to switch the protocol used by IADs.
– Trap Function
Used to set whether IADs are allowed to report Trap messages to eSight.
– RTCP Alarm Threshold
Used to set the Real-Time Transport Control Protocol (RTCP) alarm threshold.
– Port Lock Threshold
Used to set the duration between the time when a port lock alarm is generated and
the time when the port lock alarm is reported.
l Service Configuration
– Service Configuration (MGCP)
Service configuration (MGCP) includes fax parameters, DTMF digit collection,
MGCP authentication mode, MGCP parameters, MGC, MG interface parameters,
TOS/COS and port attributes.
– Service Configuration (SIP)
Service configuration (SIP) includes digit map, proxy server, voice parameters, fax
parameters, DTMF digit collection, local switching, and local-switch route.
l System Tool
– Version Information Query
Used to query versions of IADs.
– Ping Test
Used to test the network connectivity between eSight and the IAD IP address.
– Configuration Backup and Restoration
Used to back up and restore the IAD configuration data.

eSight
– SIP User Information Backup and Restoration

Used to back up and restore SIP user information.
– DSP Channel Status Display
Used to view the DSP channel status.
– MG Link Status Display
Used to view the MG link status.
– Port Statistics
Used to view the status of all service ports on an IAD.
– Configuration Saving
Used to save the IAD configuration.
– Configuration Restoration
Used to restore the IAD configuration.
– Device Restart
Used to restart IADs.
– Country Code Query
Used to query the country code of the area to which an IAD belongs.
l Batch Configuration
With the batch configuration function, you can set a parameter on multiple IADs to the same
value. The following items can be configured in batches: network parameters, protocol
switching, proxy server, NMS parameters, configuration saving, read community, and write
community.
l Upgrade Management
– Manual Upgrade
IADs can be upgraded in a batch. You can upgrade IADs immediately or at a scheduled
time.
l Automatic Upgrade
After the automatic upgrade function is enabled, an IAD periodically detects the upgrade
file on the File Transfer Protocol (FTP) server and automatically upgrades the software.
This function applies to the upgrade of a large number of IADs.
Alarm Management
2.21.1.5 UAP3300 Management

eSight provides the service management function for UAP3300 devices.

eSight
Connecting a UAP3300 to eSight

eSight provides two methods to connect UAP3300 devices to it:
l Automatic discovery: eSight can use the automatic discovery function to add UAP3300
devices automatically.
l Manual configuration: You can manually add UAP3300 devices to eSight one by one.
Alarm Management
2.21.1.6 UC Application Management

eSight can uniformly manage applications in UC solutions, including the eServer, MAA,
AppAgent, UMServer and BMU and provides UC subnet creation and alarm management
functions.
Creating a UC Subnet
After a UC subnet is created, eSight automatically adds applications and services in a UC
solution to the UC subnet.
Alarm Management
Topology Management
For details, see Topology Management in Functions and Features.
Monitoring Service Status

After SSH parameters of the ECS server are configured, you can monitor process status of the
ECS server on eSight.
Collecting Logs
After SSH parameters of the ECS server are configured, you can download logs of the ECS
server on eSight.
2.21.1.7 CC Application Management

eSight can manage applications in the eSpace Contact Center (CC) solution and provides
functions including CC subnet creation, device management, and alarm management. The
managed applications include business intelligent report (BIR), Cloud Management System
(CMS), computer telephony integration (CTI), eSpace Agent Desktop, DataStation,
Emergency CC Data Server (EDS), Agent, Internet Contact Service (ICS), Intelligent
Scripting, and Huawei Proactive Service (HPS).

eSight
Creating a CC Subnet
After a CC subnet is created, eSight automatically adds devices in a CC solution to the CC
subnet.
Device Management
l CTI management: eSight supports NE management, alarm management, and
performance management for the CTI system.
l BIR, CMS, and eSpace Agent Desktop management: eSight supports alarm management
for the BIR, CMS, EDS, and eSpace Agent Desktop applications.
Alarm Management
Topology Management
For details, see Topology Management in Functions and Features.
2.21.1.8 VTM Device Management

eSight can manage the Virtual Teller Machine (VTM) Manager and VTM terminals in the
eSpace VTM Remote Bank solution, and provides functions including subnet creation and
device connection.
Connecting a VTM Device to eSight

Manual configuration: You can manually add VTM devices to eSight one by one.
Managed Objects
l VTM Manager
The VTM Manager, a component of the Virtual Teller Center (VTC), remotely monitors,
maintains, and manages VTM terminals. It provides VTM terminal status information
and service reports.
l VTC
The VTC provides remote virtual teller services for users. The VTC system includes a
Media Control Center (MCC) module, a Multimedia Collaboration Management System
(MCMS) module, and an IAS. The MCC controls calls and provides interfaces for query
of information such as bank account permissions and call information. The MCMS is
used by inspectors to monitor tellers, check teller service quality, and manage the system.
The IAS provides the access service for mobile terminals and the anonymous call service
for Internet users.

eSight
2.21.1.9 EC Outsourced Device Management

eSight can manage the SBC, VCLOG, and UMS, and provides functions including device
management and alarm management for them.
Connecting a UC Outsourced Device to eSight

l SBC (SX series)
– Batch import: After you specify the IP address, ESN, login user name, and
password of each SBC device that you want to connect to eSight in a template, the
SBCs (SX series) can be imported to eSight in a batch.
– (Recommended) Automatic discovery: eSight can use the automatic discovery
function to add SBCs (SX series) automatically.
– Manual configuration: You can manually add SBCs (SX series) to eSight one by
one.
l SBC (SE series)
– You can manually add SBCs (SE series) to eSight one by one.
l VCLOG and UMS
– You can manually add the VCLOG and UMS to eSight one by one.
Device Management
You can configure network parameters, service ports, and soft switching for SBCs (SX series)
and restart them on eSight. The device restart as well as soft switching and service port
configurations can be performed in a batch.
eSight can upgrade SBCs (SX series) devices in a batch. eSight can upgrade them
immediately or at a scheduled time.
Alarm Management
2.21.2 Telepresence Meeting Management

eSight provides a Telepresence Device Manager component that offers an array of OAM
functions for the telepresence system, which ensures better device management. These
functions include the meeting resource discovery and system topology management. You can
view the alarm data of telepresence devices to monitor the device running status and quickly
locate faults.
NOTE
To use these functions, you must have the Telepresence Device Manager installed.
2.21.2.1 Telepresence Device Management

eSight can manage Telepresence devices and provides functions including subnet creation,
device connection, device management, service management, and alarm management.

eSight
Connecting a Telepresence Device to eSight

l Terminals (TE, VCT, and DP300), MCUs, TPs (RPs), and GKs
– Automatic discovery: eSight can use the automatic discovery function to add
Telepresence devices automatically.
– Manual configuration: You can manually add Telepresence devices to eSight one by
one.
l TPs (Tri-Screen, Uni-Screen, and TP codec)
You can manually add TPs to eSight one by one.
Device Management
l TE
Basic configuration, user settings, SIP parameters, network configuration, SNMP
parameters, audio parameters, and network address book
l MCU
– System configuration: device time, automatic restart, RTP, FTP, QoS, and DNS
– Network configuration: network port, SNMP, and trap
– Signal configuration: H323, GK, and SIP
l TP
System configuration: GK and SIP
Alarm Management
Managed Objects
l Terminal
In the Telepresence system, terminals are endpoints that encode and decode audio and
video signals.
l MCU
A Multipoint Control Unit (MCU) is used for terminal access, video exchange, audio
mixing, data processing, and signaling exchange.
l TP
A TP, a Telepresence product developed by Huawei, uses high-definition video encoding
and digital image stitching technologies, bringing true-to-life widescreen video images.
It also adopts professional multi-channel audio capture and reproduction technologies to
achieve superior surround sound localization. Using the TP, users can enjoy remote
conferencing with life-size participant display and face-to-face experience
l GK
The gateway keeper (GK) is a core component of the Telepresence system. It is located
at the network control layer to manage nodes including the MCU, terminals, and
gateways. Node management functions provided by the GK include address resolution,
domain management, access control, registration management, call management,
bandwidth management, and route management.

eSight
2.21.3 Video Surveillance Management

eSight provides an IVS Device Manager component that offers an array of OAM functions for
the Intelligent Video Surveillance (IVS) system to ensure better device management. These
functions include video surveillance resource discovery, system topology display, and
performance and data management. Users can view the performance and alarm data of
surveillance devices to learn the device running status and quickly locate faults.
NOTE
To use these functions, you must have the IVS Device Manager installed.
2.21.3.1 IVS Application Management

eSight manages applications in the Huawei eSpace IVS solution, and provides functions
including subnet creation, device connection, device management, alarm management, and
performance management.
Creating a Subnet
l eSpace IVS solution
After IVS subnets are created, eSight automatically adds IVS devices (MAU, MPU, MTU,
TAU, VMU, and VCN3000)to the matching subnets based on the IVS device's IP address.
Service Overview
eSight displays key counters of the video surveillance application, so that users can obtain the
service running status.
The counters are as follows:
l Offline camera ratio

l Fault ratio of SD cards
l Device-level packet loss ratio
l CPU and memory usage
l RAID storage usage
Service Topology
Integrated software and hardware management for video surveillance VCN devices is
implemented in the service topology. eSight displays hierarchical relationships among the
VCNs and the status of each VCN. The offline camera ratio statistics display the offline trend
of cameras on the entire network or on a specific VCN during a certain period. eSight
supports graphical display of the offline camera ratio, so that you can obtain cameras' online
information.
IPC Offline Statistics

eSight displays the offline ratio, times, and time segment of cameras. Users can query real-
time offline information of a single camera.

eSight
Network Quality Diagnosis

eSight can diagnose the network quality for transmitting videos between the IPC and video
surveillance platform.
Alarm Management
Managed Objects
l eSpace IVS solution
– MAU: main control unit of the intelligent analysis subsystem in the eSpace IVS
solution. The MAU provides task management, rule management, and load
balancing functions.
– MPU: media processing unit in the eSpace IVS solution.
– MTU: media transcoding unit in the eSpace IVS solution for transcoding and
distributing media data.
– TAU: terminal access unit in the eSpace IVS solution.
– VMU: video management unit in the eSpace IVS solution.
– Front-end device: video shooting device in the eSpace IVS solution.
– VCN3000: integrated intelligent monitoring product that combines the IVS
platform and professional storage capabilities.
eSight enables users to configure the configuration files of IVS application modules. It
forwards configurations to specific modules through configuration interfaces on the UOA to
ensure data synchronization with the modules.
eSpace IVS solution application modules include the OMU, DCG, SCU, MU, PCG, MAUS,
SMU, SafeVideo, HTTPS, and RSTP. For detailed module information, see the eSpace IVS
Product Documentation.
2.21.3.2 IVS Data Analysis

eSight provides diversified reports for many statistical items such as online device ratio,
offline device ratio, and faulty device ratio. These reports can be generated immediately or
periodically, and users can export them in Excel files. eSight reports meet common network
operation and maintenance (O&M) requirements and provide data support for device statistics
collection.
Report Management
Users can create and manage immediate and periodic report tasks on the report management
page.

eSight
l Immediate report task

Users need to manually run an immediate report task. Once an immediate task is
executed, a report reflecting the statistics at that time is generated. Once an immediate
task is executed, users can click the generated report to open it. When viewing the report,
users can also export it in a file of the specified format.
l Periodical report
After eSight performs a task at an interval specified by the user, traffic statistics of a
specified period is displayed. Once a periodic task is executed, a report reflecting the
statistics within the specified period of time is generated and saved on eSight. Users can
view and manage all reports generated by a periodic report task.
2.21.4 IP Phone Management

eSight can manage IP phones and provides functions including creation of IP phone group,
device connection, automatic deployment, device management, service management, and
configuration management.
NOTE
The management functions provided by eSight vary depending on IP phone models. The following
describes all the functions.
Connecting IP Phones to eSight

l Group creation: eSight manages IP phones on a specified IP segment as one group. After
you create IP phone groups, IP phones are automatically added to the corresponding
groups based on their IP addresses. You can also define IP phone groups to classify IP
phones.
Three types of IP phone groups are available:
– IP segment-based group: After IP phones are connected to eSight, eSight
automatically adds them to the corresponding groups based on their IP addresses.

eSight
– User-defined group: You need to manually add IP phones to a user-defined group.

After an IP phone is added to the user-defined group, it establishes a binding
relationship with the group. This method applies when IP phones cannot be grouped
based on IP addresses or when there are special grouping requirements.
– Default group: If an IP phone cannot be grouped based on the IP address or be
manually added to a group, it is added to the IP phone to the default group. The
license count also reduces by 1 every time an IP phone is added to the default
group.
l Active access: After DHCP parameters are set, IP phones automatically obtain the IP
address of eSight and connect to eSight. For details, see the configuration guide of IP
phones.
l Batch import: After you specify the IP address, physical SN, and access gateway of each
IP phone that you want to connect to eSight in a template, you can import the IP phones
to eSight in a batch. This method takes a long time.
l IP Phone Management Configuration
You can set parameters such as upgrade parameters, network access certificate
application, and IP phone access certificate application for managing IP phones.
Service Resource Management

l Certificate Application and Management
IP phones can be connected to eSight only after they obtain certificates issued by the
Certificate Authority (CA). This function can import certificates for IP phones in a batch
to facilitate certificate management.
l Number Resource Management
eSight can automatically allocate numbers to connected IP phones, implementing plug-
and-play of IP phones.
Device Management
You can perform operations, including Device Restart, Fault Information Collection, and
Web Management, for IP phones on eSight.
l Access Scan
When no DHCP server is available, IP phones cannot actively connect to eSight because
they fail to obtain the IP address of eSight through DHCP. In this case, eSight provides
the access scan function to scan IP phones in specified network segments and modify its
IP address on the IP phones, so that the IP phones can connect to eSight.
NOTE
The access scan function applies to eSpace 7910 IP phones and eSpace 7950 IP phones of
V100R001C02 or later as well as eSpace 8950 IP phones of all versions.
Deployment Management
l Configuration file management
Configuration file management allows you to modify common parameters in the
configuration file template to batch modify IP phone configuration parameters.

eSight
You can specify a configuration policy to determine whether the parameters take effect
for all or specified IP phones.
l Version file management
eSight can manage manually upgraded and automatically deployed versions.
l Automatic deployment
This function associates subnets with configuration files, version files, and number
allocation information to implement plug-and-play deployment of IP phones, simplifying
configurations of end users.
l Number allocation
During automatic deployment, eSight can allocate numbers to IP phones, so that IP
phones are available for use immediately after they are connected to a network. eSight
allocates numbers to IP phones in a pre-defined mode or random mode.
l Manual deployment
You can manually upgrade IP phones or change their configurations in a batch, or
perform a scheduled upgrade task.
2.21.5 Database Application Management

eSight provides the alarm management and perform management functions for database
applications.
Monitoring Principle
Database application devices provide the SNMP agent to monitor the system. eSight monitors
databases after you start the SNMP agent on the databases.

eSight
On the network, the SNMP agent and eSight server are the key components for monitoring
databases.
l SNMP agent: collects the alarm and performance data from databases and reports the
data to the eSight server.
l eSight server: stores the alarm and performance data of third-party devices and displays
the data on the eSight client.
l Client: displays the alarms reported by databases.
l Peripheral equipment: collects and reports its own alarms to the eSight server through
the SNMP agent.
2.22 eIMS Management

eSight offers a wide array of eIMS management functions, including NE access, topology,
alarm, performance, MML Client, and configuration data synchronization.
NE Access
eIMS allows users to add a single NE, users can also manage the NE connection status and
management status in the topology or on the eIMS device page.

eSight
Topology Management
In addition to all the functions mentioned in 2.5 Topology Management, eSight also offers
the following topology management functions for eIMS:
l Updates the eIMS connection and alarm status in the physical topology in real time.
l Allows users to right-click an eIMS to display the entries for current alarms and the
MML Client.
Alarm Management
In addition to all the alarm management functions mentioned in 2.3 Alarm Management,
eSight also allows users to manually and automatically synchronize current alarms, and clear
specific current alarms for devices.
By default, eSight offers key, major, and minor performance indicator templates. After
devices are connected to eSight, collection tasks about key performance indicators (KPIs) are
automatically added to collect performance data about network-wide devices.
MML Client
The MML client allows users to deliver MML commands to NEs of the same type and
version on eSight. The MML client offers a function-specific command navigation tree,
allows users to filter, search for, and sort NEs, supports MML command association and
online help, and records executed historical commands. Before executing a command that
may have severe negative effects, the MML Client informs users of possible execution results
and executes the command only after the users confirm the operation.
eSight displays command execution results in real time.
Configuration Data Synchronization

To ensure configuration data consistency between eSight and NEs, eSight supports automatic
data synchronization after an NE configuration change and manual data synchronization.
Users can check synchronization task progresses on the synchronization task management
page, and use the NE manager to check common configuration parameters synchronized to
eSight.
2.23 eLTE Management
2.23.1 eLTE CPE Management

eSight offers a wide array of eLTE CPE management functions, including PnP device access,
firmware upgrade, configuration management, and remote maintenance. Supported CPEs
include eA660, eA661, and eA360 devices.
CPE NE Web Page

eSight offers a unified portal to manage CPEs.

eSight
l Basic information
Users can view and update basic information about CPEs.
l Setting common parameters
Users can set the following common parameters for managed objects: WAN, WLAN,
LAN, local time, eSight server, gateway, router, firewall, and service access.
l General configuration
Users can modify CPE parameters using the TR-069-compliant configuration model tree.
l Integrating the CPE web manager
Users can jump to the CPE web manager from eSight, and set advanced parameters for a
single CPE.
l Exporting a configuration file
Users can export CPE configuration files for backup.
l Loading a configuration file
Users can load configuration files for CPEs.
l Performing remote maintenance
Users can remotely restart CPEs, restore factory defaults, and use the ping command to
check the connectivity.
l Managing device logs
Users can review diagnosis and routing log files about CPEs, download them from CPEs
to the eSight server, and export them to a local disk.
l Monitoring LAN port peak rates
Users can monitor peak rates of incoming and outgoing traffic on LAN ports.
Untrusted CPE Management

eSight receives CPE registration requests and records basic information about CPEs in lists.
Users can selectively move CPEs from the untrusted CPE list to the authorized CPE list.
Authentication Credential Setting and Modification

eSight enables users to modify authentication credentials for one or more CPEs.
PnP Device Access

l Automatically delivering configuration files
When a CPE is added to eSight, eSight automatically obtains and delivers the
configuration file to the CPE based on the CPE model and version number.
l Automatically upgrading version files
After a CPE firmware version file is uploaded to eSight, eSight compares the current
firmware version with the uploaded version file. If the versions do not match, eSight
upgrades it to the uploaded version.
Batch Configuration
Users can set parameters for CPE devices in batches.

eSight
Batch Configuration File Load

Users can immediately or regularly load configuration files for specific CPEs in batches.
Batch Upgrade
Users can upgrade the CPE firmware versions in batches instantly or as scheduled. Users can
also customize upgrade policies when the current and target versions of NEs are the same.
The number of upgrade tasks that can be concurrently executed is controlled by the file server
egress bandwidth.
Alarm Management
eSight allows users to manage the following CPE alarms: Lower computer disconnection
Lower computer quantity threshold-crossing LAN port upstream exception Weak wireless
signal Unauthorized access
eSight supports real-time and periodical collection and display of CPE indicators, including
LAN port rate, receive signal strength indictor, reference signal receiving power, and
downstream signal-to-noise ratio.
Log Management
eSight allows users to export CPE diagnosis and routing logs in batches.
2.23.2 eLTE eNodeB Management

eSight offers a wide array of eLTE eNodeB management functions, including device access,
alarm, performance, topology, NE manager, device software upgrade, MML Client, and
configuration data synchronization.
Device Access
Users can add a single eNodeB, import a file to add eNodeBs in batches, or use eSight to
automatically discover eNodeBs that are running on the network. Users can also manage the
eNodeB connection status and management status in the topology or on the device overview
page.
Alarm Management
In addition to all the alarm management functions mentioned in 2.3 Alarm Management,
eSight also allows users to manually and automatically synchronize current alarms, and clear
specific current alarms for devices.
By default, eSight offers key, major, and minor performance indicator templates. After
devices are connected to eSight, collection tasks about key performance indicators (KPIs) are
automatically added to collect performance data about network-wide devices.
eSight supports 15 key performance counter templates, including eNodeB, link, RRU, board,
cell, port, and carrier; and automatically creates one-hour performance collection tasks when

eSight
eNodeBs are created. Users can also manually create and delete periodical detection tasks for
eNodeBs at an interval less than one hour.
Topology Management
the following topology management functions for eNodeBs:
l Displays virtual connections between eNodeBs and eCNSs in the physical topology.
l Updates the eNodeB connection and alarm status in the physical topology in real time.
l Allows users to right-click an eNodeB to display the following functions: configuration
synchronization, alarm browsing, NE details, web network management, and MML
client.
NE Manager
Users can use the NE manager to comprehensively manage eNodeBs. eSight calculates the
NE health based on the following factors and displays the health information on the NE
manager:
l NE connection status
l Ratio of the unreachable duration to the total managed duration
l Ratio of critical and major alarms to the total alarms
l Number of current alarms
l Performance alarms
l CPU usage
The NE manager allows users to manage:
l Key NE information models

l Physical resources such as NE attributes, boards, and ports
l Transmission resources such as IP interfaces, S1 interfaces, X2 interfaces, routes, Stream
Control Transmission Protocol (SCTP) links, and IP paths
l Wireless resources such as remote radio units (RRUs), RRU chains, sectors, cells,
operator information, and cell operator information
The NE manager also allows users to check current and historical alarms of NEs as well as
NTP server configuration.
Device Software Upgrade

Users can manage the following files on eSight:
l Version files
l Hot and cold patches
l BootRom files
l Configuration files
l Certificate files
Users can update the software for multiple devices in a single task instantly or as scheduled.

eSight
Users can also review historical upgrade tasks, monitor the execution status of current
upgrade tasks, and control the number of concurrent upgrade tasks based on the file server
egress bandwidth.
MML Client
The MML client allows users to deliver MML commands to NEs of the same type and
version on eSight. The MML client offers a function-specific command navigation tree,
may have severe negative effects, the MML Client informs users of possible execution results

eSight.
2.23.3 eLTE eCNS Management

eSight offers a wide array of eLTE eCNS management functions, including device access,
alarm management, topology management, NE manager, MML Client, and configuration data
synchronization.
Device Access
eSight allows users to add a single device, and manage the eCNS connection status and
management status in the topology or on the device overview page. Due to limited quantity of
eCNSs, users do not need to import eCNSs in batches or use the automatic discovery function
to add eCNSs. However, the eCNS610 supports batch import.
Alarm Management
For eLTE eCNSs, eSight supports all the alarm management functions mentioned in 2.3
Alarm Management. eSight supports manual and automatic synchronization of current
alarms, and allows users to clear specific current alarms.
Topology Management
the following topology management functions for eCNSs:
l Displays virtual connections between eNodeBs and eCNSs in the physical topology.
l Updates the eCNS connection and alarm status in the physical topology in real time.
l Allows users to right-click an eCNS to display the entries for current alarms and the
MML Client.

eSight
NE Manager
The NE manager enables in-depth management over eNodeBs, calculates NE health status by
the alarm severity and number of current alarms, and displays NE monitoring status.
The NE manager allows users to check current and historical alarms about devices, and check
physical resources about the eCNS600 and CGPOMU.
MML Client
The MML Client allows users to deliver MML commands to NEs of the same type and
version on eSight. The MML Client offers a function-specific command navigation tree,
may have severe negative effects, the MML CLI informs users of possible execution results

eSight.
2.23.4 eLTE Service Channel Diagnosis

With the service channel diagnosis function, eSight displays segment-by-segment service
tunnels between CPE users and business servers in the service topology and tables, and allows
users to:
l Define and discover end-to-end service tunnels that need check.

l Manually check the connectivity for each segment of service tunnels
l Check the connectivity for each segment of service tunnels.
l Display connectivity check results in the service topology and tables.
l Set ping detection parameters and alarm thresholds.
2.24 Custom Device Management

eSight allows users to manage custom devices from a variety of vendors, as long as the
devices support the SNMP, IPMI, or SMI-S protocol. The custom device management module
allows users to manage device types, performance indicators, alarm parameters, Telnet
customization, and configuration files; and customize the device panel to enhance the
management of basic device capabilities.
Table 2-5 lists custom devices and access protocols supported by eSight.

eSight
Table 2-5 Custom devices and access protocols
Device Access Protocol Alarm Management

Protocol
Network devices SNMP SNMP
Servers IPMI, SNMP SNMP
Storage devices SMI-S SNMP
NE Type Customization
l Use a visualized wizard to customize devices:
– Device type segmentation
– Automatic SNMP MIB file analysis
– TRAP listening and alarm definition import for actual devices
– Quick introduction of existing definitions for devices of other types
– Pre-definition of standard alarms, performance, and key data
l Quickly enable device customization by importing and exporting.
l Quickly customize other similar types for devices from the same vendor and under the
same product group by duplication.
l Modify the following items of existing customized devices:
– Device type
– Alarm
– Performance
– Configuration file
– Concerned data
l Check the consistency of customized devices:
– Connect actual devices, and check and analyze customized devices.
– Output consistency check analysis reports.
Key Concerned Data Customization

l The system pre-defines the following key concerned data: system group, interface table,
IP address table, IP route table, and ARP table data.
l When customizing data groups, user can directly add key information to the table for the
system to check validity. Users can create attribute groups and multi-line table groups.
When users specify attributes within a group on the UI, the system uses a MIB browser
to choose the OID. For attribute groups, only the OID in the MIB group can be selected;
and for multi-line table groups, the Table or Entry node must be selected to automatically
load all OIDs in the table and identify table indexes.
l Users can re-adjust group attributes by selecting items and check the integrity of selected
attributes. Attributes that are not completely configured cannot be selected.

eSight
2.25 Integration Capability

It supports heterogeneous system integration and can be quickly interconnected with a third-
party system. eSight can provide alarm, performance, link, and resource information to upper-
layer operations support systems (OSSs) through northbound interfaces.
l eSight allows the upper-layer NMS to use HTTPS-based REST web interfaces to query
and set resource data (such as security data, network/data center/enterprise
communication/access data), alarm data, and performance data, implementing
centralized monitoring and management.
l eSight allows the upper-layer NMS to use SNMP northbound interfaces to monitor
alarms and resources in a centralized manner. SNMPv1, SNMPv2c, and SNMPv3 are
supported. SNMP northbound interfaces support alarm query setting management,
device query, link query, and inter-system heartbeat integration.
l eSight allows the upper-layer NMS to use FTP interfaces to obtain files containing
historical performance collection results. eSight supports FTP and SFTP, and can
transmit files in pull or push mode.

eSight
Product Description 3 Deployment Mode
3 Deployment Mode
About This Chapter
eSight supports two networking modes: standalone deployment, and hierarchical deployment.
3.1 Standalone Mode
3.2 Distributed Deployment Mode
3.3 Two-Node Cluster Deployment Mode

eSight
3.1 Standalone Mode

The eSight single-node system deployment scheme applies to small networks that do not
require high reliability.
In the single-node system deployment scheme, multiple web clients and the eSight server are
connected through a local area network (LAN) or wide area network (WAN)
Figure 3-1 Standalone mode
NOTE
l The eSight single-node system can be deployed on a virtual machine (VMWare ESXI 5.5 and
FusionSphere 5.1) that runs the Windows operating system. Distributed and HA deployment
schemes cannot be deployed on a virtual machine.
l If the Oracle database is used, the database and eSight can be deployed on the same server or
different servers (if on different servers, customers need to prepare the server to install the database).
l If the network traffic analyzer (NTA) is deployed, the single-node system management scale does
not exceed 5000 equivalent NEs. In a single node system, the NTA can manage a maximum of 10
nodes at 2000 flows/s.
3.2 Distributed Deployment Mode

The eSight distributed system deployment scheme applies to medium networks that require
cross-regional management rather than high reliability.
The eSight distributed system deployment scheme.

eSight
Figure 3-2 Distributed deployment mode
The secondary host in the distributed system refers to the network traffic collector (NTC),
WLAN location server or distributed UC Device Manager.
l eSight supports only one NTC.

l eSight supports only one WLAN location server.
l eSight supports multiple UC Device Manager nodes.
NOTE
l If the Oracle database is used, the database and eSight can be deployed on the same server or
different servers (if on different servers, customers need to prepare the server to install the
database).
l When the network scale exceeds 5000 equivalent NEs or more than 10 devices need network
traffic management, the NTC must be deployed on an independent server. In the distributed
deployment scheme, the NTC can manage a maximum of 350 devices at 30,000 flows/s.
l When the quantity of APs exceeds 1000, the WLAN positioning server must be deployed
independently. In the distributed deployment scheme, the WLAN positioning server is able to
position a maximum of 2000 APs.
l In the distributed deployment scheme, each UC Device Manager node can manage a
maximum of 2000 phones (calculation method: Number of IP phones/4 + Number of IP PBXs
+ Number of IADs).

eSight
3.3 Two-Node Cluster Deployment Mode

An eSight two-node cluster can be a local two-node cluster (where two servers are deployed
at the same site) or a remote two-node cluster (where two servers are deployed at two
different sites).
NOTE
l The eSight Network Traffic Analyzer, Facilities Infrastructure Manager, and Application Manager
do not support High-Availability (HA) systems.
l HA systems do not support distributed deployment.
Local Two-Node Cluster

In this deployment mode, the eSight software is installed on both the active and standby
servers. Data between active and standby servers is synchronized through a dedicated
duplication line. When the active server fails, services are automatically switched to the
standby server to ensure normal running of the entire system.
You can set a floating IP address between the active and standby servers. In this case, devices
do not need to reconnect to eSight after active and standby switchover.
Figure 3-3 Local two-node cluster networking

eSight
NOTE
Bond: On the SUSE Linux operating system, the bond technology is used to form a virtual layer
between the physical layer and the data link layer. This technology allows two server NICs connecting to
a switch to be bound to one IP address. The MAC addresses of the two NICs are also automatically
bound as one MAC address. In this manner, a virtual NIC is formed.
Remote Two-Node Cluster

In this deployment mode, the eSight software is installed on both the active and standby
servers. The two servers can be deployed in geographically-dispersed places. In case of a fault
on the active server, services are automatically switched to the standby server. Data between
active and standby servers is synchronized through a dedicated duplication line, which
ensures normal running of the eSight system.
Because the two eSight servers use different IP addresses, you must set the IP addresses of the
active and standby servers on managed devices. In this case, information, such as alarms, on
the devices can be automatically sent to the standby server after active and standby
switchover, which ensures normal device monitoring and management.
Figure 3-4 Remote two-node cluster networking

eSight
Product Description 4 Networking Mode
4 Networking Mode
About This Chapter
4.1 eSight and Device Networking

4.2 eSight and OSS Integration
4.3 eSight Hierarchical Networking

eSight
4.1 eSight and Device Networking

eSight manages Huawei's and non-Huawei's devices, as listed in Table 4-1.
Table 4-1 Devices managed by eSight

Domain Device
Switch S series switches, CE series switches
Router NE series routers, AR series routers
Security device Eudemon series, SRG series, SVN series
UC device eSpace series gateways, out-sourced UC devices, eSpace

UC applications, eSpace CC applications, VTM
applications
Video surveillance device Huawei's video surveillance applications
Telepresence conference Huawei's Telepresence conference endpoints, MCUs, TP,

endpoint GK
Phone eSpace IP phones
Server Huawei's rack, blade, high-density, and storage servers

Mainstream operating systems, like Windows, RedHat, and
SUSE
Storage device Huawei's array storage, unified storage, virtual smart

storage, mass storage, cloud storage, virtual tape library,
third-party storage, and FC switch
Virtual resource device VMware ESX/ESXi Server, Huawei FusionCompute and

FusionAccess
Equipment room facilities Power supply, air-conditioning, environment, cabinet, and

security devices
eLTE device Huawei's CPEs, including eA360, eA660, and eA661

Base station DBS3900 LTE
Core network eCNS610
eIMS device eCGPOMU, CSCF, ATS, MRP6600, SPG, HSS9860, ENS,

USCDB, CCF, MEDIAX, TMS, UPORTAL, SE1000,
SE2900, RCS9880, VRCS
Non-Huawei device Pre-integrated non-Huawei devices: H3C, Cisco devices

Printer, server

eSight
NOTE
For details about the mappings between eSight and devices, see the version mappings in the release
notes delivered with the version.
eSight uses a variety of protocols - such as SNMP, FTP/SFTP, and TR069 - to communicate
with managed devices. eSight faults have no impact on the networking and services of
managed devices. The following figure shows a typical scenario of eSight.
Figure 4-1 eSight and NE networking
4.2 eSight and OSS Integration

eSight supports third-party systems including upper-level OSSs. Third-party systems can
obtain network resources and alarms from the eSight system through the SNMP or HTTP
interface.

eSight
Figure 4-2 Network between eSight and an OSS
4.3 eSight Hierarchical Networking

eSight implements hierarchical network management to enable the headquarters of an
enterprise to monitor its branch networks.
An upper-layer eSight system is deployed in the HQ to centrally manage devices in lower-
layer NMSs. If devices in the HQ need to be managed, another lower-layer NMS must be
deployed in the HQ. The lower-layer NMS in the HQ connects to the upper-layer NMS via
the local network. Lower-layer NMSs in branches connect to the upper-layer NMS via IP
networks.
The upper-layer NMS supports only single-node deployment. Lower-layer NMSs can be
deployed in a single-node system or two-node cluster.
Figure 4-3 Hierarchical networking mode

eSight
Product Description 5 Configuration
5 Configuration
About This Chapter
5.1 Hardware and Software Requirements

5.2 Client Configuration Requirements
5.3 Network Bandwidth Requirements

eSight
5.1 Hardware and Software Requirements

Different combinations of the eSight platform and components have different hardware and
software requirements.
NOTE
Management scale (Number of equivalent NEs) = Number of managed network devices + Number of
managed APs + Number of managed PON devices + Number of managed video surveillance devices +
Number of managed telepresence devices + Number of managed UC devices (Number of IP PBXs /
U19XXs x 10) + Number of IP phones / 4 + Number of eLTE CPEs / 5 + Number of eLTE eNodeBs x 2
+ Number of eLTE eCNSs x 20 + Number of eIMS devices x 20 + Number of low-end storage devices x
10 + Number of heterogeneous storage devices x 10 + Number of mid-range storage devices x 20 +
Number of high-end storage devices x 160 + (Number of Big Data storage nodes / 288) x 160 + Number
of rack servers x 2 + Number of blade servers x 20 + Number of objects monitored by the Application
Manager x 2 + Number of sites monitored by the Facilities Infrastructure Manager x 2 + Number of
VMs x 1 + OS x 1 + Number of eIMS devices x 20.
If the number of Big Data storage nodes is not the integral multiple of 288, the result of Number of Big
Data storage nodes/288 is rounded up to an integer.
Physical Server Requirements

Server Manage Recomm Remarks Optional OS and DB
Name ment ended
Scale Configur
ation
eSight 0-5000 2 x hexa- l The server Windows Server Supports

primar core 2G supports the co- 2008 R2 (64-Bit)- only
y CPUs, 32 deployment of Standard + upgrade
server GB the NTC (up to Microsoft SQL scenarios
memory, 10 nodes, 2000 Server 2008- rather than
500 GB flows/s, 100 Standard new
hard disks APs + shipments.
monitored
interfaces). Windows Server Supports
2012 R2 (64-Bit)- shipments
l The server
Standard + rather than
supports the co-
Microsoft SQL two-node
deployment of
Server 2012- cluster
the WLAN
Standard deployment
Positioning
.
Server (up to 50
APs and 500 Windows Server Supports
clients). 2012 R2 (64-Bit)- shipments
Standard + rather than
MySQL 5.6- two-node
Standard cluster
deployment
.

eSight

Name ment ended
Scale Configur
ation
Novell SUSE Supports

LINUX shipments
Enterprise Server and two-
11.0 SP3 + Oracle node
Database cluster
Standard Edition deployment
11g R2 .
Red Hat Customers

Enterprise Linux need to
6.6 + Oracle prepare the
Database operating
Standard Edition system by
11g R2 themselves.
Two-node
cluster
deployment
is not
supported.
4 x octa- l Required when Novell SUSE Supports

core 2G the Energy and LINUX shipments
CPUs, 64 Infrastructure Enterprise Server and two-
GB Manager or 11.0 SP3 + Oracle node
memory, 1 Application Database cluster
TB hard Manager is Standard Edition deployment
disks deployed. 11g R2 .
l The server Red Hat Customers
supports the co- Enterprise Linux need to
deployment of 6.6 + Oracle prepare the
the NTC (up to Database operating
10 nodes, 2000 Standard Edition system by
flows/s, 100 11g R2 themselves.
APs + Two-node
monitored cluster
interfaces). deployment
l The server is not
supports the co- supported.
deployment of
the WLAN
Positioning
Server (up to 50
APs and 500
clients).

eSight

Name ment ended
Scale Configur
ation
5000-200 4 x octa- l Supports the Novell SUSE Supports

00 core 2G Energy and LINUX shipments
CPUs, 64 Infrastructure Enterprise Server and two-
GB Manager and 11.0 SP3 + Oracle node
memory, 1 Application Database cluster
TB hard Manager. Standard Edition deployment
disks l The server 11g R2 .
supports the co- Red Hat Customers
deployment of Enterprise Linux need to
the NTC (up to 6.6 + Oracle prepare the
10 nodes, 2000 Database operating
flows/s, 100 Standard Edition system by
APs + 11g R2 themselves.
monitored Two-node
interfaces). cluster
l The server deployment
supports the co- is not
deployment of supported.
the WLAN
Positioning
Server (up to 50
APs and 500
clients).
Second 0-350 2 x hexa- l Required when Windows Server Supports

ary core 2G the number of 2012 R2 (64-Bit) shipments
server CPUs, 32 network traffic rather than
for the GB collection nodes two-node
NTC memory, exceeds 10. cluster
500 GB Only one server deployment
hard disks can be deployed .
for the NTC to
manage a
maximum of
350 collection
nodes at 30,000
flows/s. The
number of APs
and monitored
interfaces that
collect network
traffic cannot
exceed 1000.
l The database is
not required.
Requirements

eSight

Name ment ended
Scale Configur
ation
on the operating Novell SUSE Supports
system and the LINUX shipments
eSight primary Enterprise Server rather than
server are the 11.0 SP3 two-node
same. cluster
deployment
.
Second APs: 2 x hexa- l Required when Windows Server Supports

ary 0-2000; core 2G the number of 2012 R2 (64-Bit) shipments
server clients: CPUs, 32 WLAN rather than
for the 0-24,000 GB positioning two-node
WLAN memory, collection nodes cluster
positio 500 GB exceeds 50 APs deployment
ning hard disks or 500 clients. .
collect Only one node
or APs: 4 x octa- can be deployed Novell SUSE Supports
2000-500 core 2G to manage a LINUX shipments
0; clients: CPUs, 64 maximum of Enterprise Server rather than
24,000-6 GB 5000 APs and 11.0 SP3 two-node
4,000 memory, 1 64,000 clients. cluster
TB hard deployment
disks l The database is .
not required.
Requirements
on the operating
system and the
eSight primary
server are the
same.

eSight

Name ment ended
Scale Configur
ation
Second 0-2000 2 x hexa- l Required when Novell SUSE Supports

ary core 2G IP phones to be LINUX shipments
server CPUs, 32 managed belong Enterprise Server rather than
for the GB to different 11.0 SP3 two-node
IP memory, subnets. cluster
phone 500 GB l Management deployment
collect hard disks scale: Number .
or of IP phones / 4
+ Number of IP
PBXs +
Number of
IADs
l At most 20
nodes can be
deployed, with
each node
supporting a
maximum of
2000 devices.
l The database is
not required.
Requirements
on the operating
system and the
eSight primary
server are the
same.
Server 0-50,000 2 x hexa- l Required in Windows Server Supports

for core 2G hierarchical 2012 R2 (64-Bit)- shipments
upper- CPUs, 32 management Standard + rather than
layer GB scenarios. Microsoft SQL two-node
centrali memory, l Maximum Server 2012- cluster
zed 500 GB management Standard deployment
monito hard disks scale: 50,000, .
ring including wired
Novell SUSE Supports
devices
LINUX shipments
(0-20,000) and
Enterprise Server rather than
wireless
11.0 SP3 + Oracle two-node
APs/VMs
Database cluster
(0-50,000).
Standard Edition deployment
Number of
11g R2 .
managed lower-
layer NMSs:
0-100

eSight

Name ment ended
Scale Configur
ation
Red Hat Customers

Enterprise Linux need to
6.6 + Oracle prepare the
Database operating
Standard Edition system by
11g R2 themselves.
Two-node
cluster
deployment
is not
supported.
50,000-3 4 x octa- l Required in Novell SUSE Supports

00,000 core 2G hierarchical LINUX shipments
CPUs, 64 management Enterprise Server rather than
GB scenarios. 11.0 SP3 + Oracle two-node
memory, 1 l Maximum Database cluster
TB hard management Standard Edition deployment
disks scale: 300,000, 11g R2 .
including wired Red Hat Customers
devices Enterprise Linux need to
(0-100,000) and 6.6 + Oracle prepare the
wireless Database operating
APs/VMs Standard Edition system by
(0-300,000). 11g R2 themselves.
Number of Two-node
managed lower- cluster
layer NMSs: deployment
0-500 is not
supported.

eSight
Virtual Server Requirements

Name ment ended
Scale Configur
ation
eSight 0-2000 2 x hexa- l Supports Huawei Windows Supports

primary core 2G FusionSphere 5.1 and Server 2012 shipments
server CPUs, 32 VMWare ESXI 5.5 R2 (64-Bit)- rather
GB platforms. Standard + than two-
memory, l Does not support the Microsoft node
500 GB co-deployment of the SQL Server cluster
hard disks NTC. 2012- deployme
Standard nt.
l Does not support the
co-deployment of the
WLAN Positioning
Server.
l Does not support the
Energy and
Infrastructure Manager
or Application
Manager.
l Manages a maximum
of 2000 equivalent
NEs.
5.2 Client Configuration Requirements

The eSight web client has the following requirements on the operating system, memory, and
browser:
l Operating system: Windows 7, Windows Server 2008, or Windows Server 2012.
l Browser: Internet Explorer 9, Internet Explorer 10, Internet Explorer 11, Firefox 38 esr,
and Chrome 43 are recommended.
NOTE
The eSight Facilities Infrastructure Manager does not support Firefox 38 esr and Chrome 43. Use
Internet Explorer 9, Internet Explorer 10 or Internet Explorer 11 for it.
l Memory: 1 GB or above
5.3 Network Bandwidth Requirements

To ensure the normal running of the eSight system, ensure that network bandwidths meet the
basic network bandwidth requirements.
The method for calculating network bandwidth required in the eSight system is as follows:
Bandwidth between the eSight server and client: at least 2 Mbit/s (recommended: more than
10 Mbit/s).

eSight
Bandwidth between active and standby servers in a two-node cluster: 50 Mbit/s.

Bandwidth between upper-layer and lower-layer servers in a distributed deployment moder:
10 Mbit/s.
Total bandwidth between eSight and devices = Device management bandwidth + Additional
bandwidth for terminal upgrade + Additional bandwidth for network traffic + Additional
LogCenter bandwidth + Additional bandwidth for deploying the operating system for servers
l Device management bandwidth (X indicates the total number of devices, including
terminals and other box devices):
– X < 2000, required bandwidth: 2 Mbit/s
– X > 2000, required bandwidth: 2 Mbit/s + (X – 2000) x 0.8 kbit/s
l Additional bandwidth for terminal (IP phones and CPEs) upgrade (Y indicates the
number of terminals):
(Y/10) x 256 kbit/s
NOTE
The planned bandwidth for each terminal upgrade is 256 kbit/s. In the formula, Y/10 indicates that
10% terminals are concurrently upgraded. eSight allows users to upgrade 100 terminals at the
same time, requiring 25.6 Mbit/s.
l Additional bandwidth for network traffic:
N x 400 bit/s
NOTE
l In the formula, N indicates the number of flows and its unit is flow/s.
l The bandwidth for a flow is calculated as follows: (1500/30) x 8 bit/s = 400 bit/s. Here, 1500
indicates that the average size of a NetStream packet is 1500 bytes, and 30 indicates that a
NetStream packet has about 30 flows.
l 10000 flows require a bandwidth of 3.8 Mbit/s.
l Additional LogCenter bandwidth (between the LogCenter collector and devices)
Distributed deployment: 36 Mbit/s
l Additional bandwidth for deploying the operating system for servers:
15 Mbit/s
NOTE
eSight allows users to load and deploy the operating system image through ServiceCD. Deploying
the operating system for each server requires 1.5 Mbit/s. eSight allows users to deploy the
operating system for a maximum of 10 servers at the same time, requiring 15 Mbit/s.

eSight
Product Description 6 Technical Specifications
6 Technical Specifications
About This Chapter
6.1 Technical Counters for Basic Management

6.2 Technical Counters for Management Capacity

eSight
6.1 Technical Counters for Basic Management

Table 6-1 Technical specifications
Counter Value
Maximum number of current alarms 20,000
Maximum number of historical alarms 15 million
Maximum number of event alarms 2 million
Maximum number of audit logs 3 million
Number of alarms processed per second 100
Maximum number of topology objects 500

supported by a subnet
Maximum number of topology object layers 11

supported by topology management
6.2 Technical Counters for Management Capacity

eSight can manage a maximum of 20,000 NEs and allows a maximum of 100 online clients
concurrently. The technical counters for eSight are as follows.
NOTE
The quantity of managed nodes is calculated as follows:

Number of managed network devices + Number of managed WLAN APs + Number of managed PON
devices + Number of managed video surveillance devices + Number of managed telepresence devices +
Number of managed UC/CC devices (IP PBX/U19XX x 10) + Number of IP phones/4 + Number of
eLTE terminals/5 + Number of eLTE base stations x 2 + Number of eLTE core networks x 20 + Number
of eIMS devices x 20 + Number of low-end storage devices x 10 + Number of heterogeneous storage
devices x 10 + Number of mid-range storage devices x 20 + Number of high-end storage devices x 160
+ (Number of Big Data storage nodes/288) x 160 + Number of rack servers x 2 + Number of blade
servers x 20 + Number of objects monitored by Application Manager x 2 + Number of VMs x 1 +
Number of operating systems x 1 + Number of managed eIMS devices x 20
If the number of Big Data storage nodes is not the integral multiple of 288, the result of Number of big
data storage nodes/288 is rounded up to an integer.
Table 6-2 Technical counters for management capacity
Counter Value for eSight Value for eSight

Standard Professional
Number of devices managed by eSight 0–5000 0–20,000

Network Device Manager
Number of APs managed by WLAN 0–5000 0–10000

Manager

eSight

Number of APs supported by the eSight 0–5000 0–5000

WLAN wireless positioning function
Number of devices managed by MPLS 0–3000 0–3000

VPN Manager
Number of devices managed by SLA 0–2000 0–2000

Manager
Number of devices managed by Network 0–350 0–350

Traffic Analyzer Manager
NOTE
l Network traffic processing capability in a
public cloud DC scenario: EIPs <= 5000,
rate limit groups <= 2000, and customers
<= 1000
l Network traffic processing capability in a
non-public cloud DC scenario: Number
of monitored APs +Number of monitored
interfaces <= 1000
Number of devices managed by IPSec 0–2500 0–2500

VPN Manager
Number of devices managed by Secure 0–2000 0–5000

Center
eSight LogCenter NAT Log Collection 0–100,000,000 0–100,000,000

Ability - 1250 logs/s
eSight LogCenter Syslog Log Collection 0–100,000,000 0–100,000,000

Ability - 250 logs/s
Number of ONUs managed by PON 0–5000 0–20,000

Device Manger
Number of terminals managed by UC 0–80,000 0–80,000

Device Manager
Number of devices managed by UC 0–5000 0–20,000

Device Manager
Number of CCS9000 Subscribers 0–100000 0–100000

managed by UC Device Manager
Number of devices managed by 0–5000 0–20,000

Telepresence and Video Conference
Device Manager
Number of devices managed by 0–20,000 0–20,000

Intelligent Video Surveillance Device
Manager

eSight

Number of CPEs managed by eLTE 0–5000 0–20,000

Device Manager
Number of eNodeBs managed by eLTE 0–500 0–2000

Manager
Number of eCNSs managed by eLTE 0–50 0–200

Manager
Number of mid-range and low-end 0–512 0–1024

devices managed by Storage Manager
Number of high-end devices managed by 0–16 0–64

Storage Manager
Number of Big Data storage nodes 0–3456 0–13824

managed by Storage Manager
Number of heterogeneous devices 0–256 0–512

managed by Storage Manager
Number of servers managed by Server 0–2000 0–10000

Device Manager

Configuration & Deployment Manager

Stateless Computing Manager
Number of CPUs managed by 0–100000000 0–100000000

Virtualization Manager
Number of units monitored by Facilities 0–1000 0–1000

Manager
Number of objects monitored by 0–500 0–500

Application Manager

eSight
Product Description 7 Standard and Protocol Compliance
7 Standard and Protocol Compliance
eSight complies with the following standards and protocols:

l SNMP and MIB-II standards for interfaces between eSight and devices
– RFC1155: structure and identification of management information for TCP/IP-
based Internet
– RFC1157: simple network management protocol
– RFC1213: version 2 of management information base (MIB-II) for network
management of TCP/IP-based Internet
l XML 1.0
l ITU-T X.733: fault management specification
l JSR-286 Portlets specifications: Java Portlet specification v2.0
l HTTP/1.0|HTTP/1.1: Hypertext Transfer Protocol
l HTTPS: Hypertext Transfer Protocol Secure
l SIP (RFC3261)
l TCP (RFC0872)
l TCP/UDP (RFC1356)
l SMI-S Storage Management Suggestion and Guide
l Modbus

eSight
Product Description A Glossary
A Glossary
A
AC See access controller.
access controller (AC) A device that controls and manages all associated access points (APs) in a WLAN. An
AC can work with the authentication server to provide the authentication service for
WLAN users.
acknowledged alarms Alarms that are already handled. With the alarms acknowledged, you can identify the
alarms that are not handled so that you can handle these alarms in time.
administrator A user who has authority to access all EMLCore product management domains. This
user has access to the entire network and all management functions.
aerial view A window of the NMS, which displays a thumbnail of the current topology view.
alarm A message reported when a fault is detected by a device or by the network
management system during the device polling process. Each alarm corresponds to a
clear alarm. After a clear alarm is received, the corresponding alarm is cleared.
alarm masking A method to mask alarms for the alarm management purpose. Alarms that are masked
are not displayed on the NMS or the NMS does not monitor unimportant alarms.
alarm name A brief description of the symptom of the failure related to this alarm.
alarm source To automatically report alarms, the ECC system can receive alarms from multiple
alarm sources such as smoke detectors and alarming hosts.
B
B/S browser/server
BBU See backup battery unit.
BIOS See basic input/output system.
backup Process of copying data to another storage area so that it can be used to restore the
data when the source data is damaged or lost.
backup battery unit A battery module that can supplies power for a controller enclosure in a short time
(BBU) when the system is powered off.

eSight
basic input/output Firmware stored on the computer motherboard that contains basic input/output control
system (BIOS) programs, power-on self test (POST) programs, bootstraps, and system setting
information. The BIOS provides hardware setting and control functions for the
computer.
bit/s See bits per second.
bits per second (bit/s) A rate at which the individual bits are transmitted through a communication link or
circuit. Its unit can be bit/s, kbit/s, and Mbit/s.
blacklist A list containing information about subscribers who are prohibited from using certain
permissions or services due to certain reasons.
C
CC See conference call.
CLI command-line interface
CPE See customer-premises equipment.
CPU See central processing unit.
central processing unit The computational and control unit of a computer. The CPU is the device that
(CPU) interprets and executes instructions. The CPU has the ability to fetch, decode, and
execute instructions and to transfer information to and from other resources over the
computer's main data-transfer path, the bus.
cluster A computer technology that integrates a set of loosely connected servers to work
together so that in many respects they can be viewed as a single system. A cluster is
used to improve system stability, reliability, data processing capability, and service
capability. For example, a cluster is used to reduce single-point failures, share storage
resources, load balances, and improve system performance.
collector An important component of the NMS that is used to collect device data. It collects
device data through continuous polling and stores the collected data in the database for
collectors. The NMS server reads required data from the collector database. Different
devices are collected by different collectors.
conference call (CC) A conference by telephone in which three or more parties in different locations
participate by using a central switching unit.
configuration data A command file defining hardware configurations of an NE. With this file, an NE can
collaborate with other NEs in a network. Therefore, configuration data is the key
factor that determines the operation of an entire network.
configuration file A file that contains machine-readable operating specifications for a piece of hardware
or software or that contains information on another file or on a specific user, such as
the user's login ID.
customer-premises The equipment located at an end-user's premises. Most CPEs are telephones or other
equipment (CPE) service equipment. A CPE can be a Mobile Station (MS) or a Subscriber Station (SS).
An MS is mobile equipment, and an SS is fixed equipment.
D
DNS See domain name service.
data backup A method of copying key data to the backup storage area to prevent data loss in case
the original storage area is damaged or a failure occurs.

eSight
domain name service A hierarchical naming system for computers, services, or any resource connected to
(DNS) the Internet or a private network. It associates various information with domain names
assigned to each of the participants. The DNS distributes the responsibility of
assigning domain names and mapping those names to IP addresses by designating
authoritative name servers for each domain.
dump To export alarm data from the database to the customized file. The exported data is
cleared in the database.
E
ESN See equipment serial number.
Ethernet A LAN technology that uses the carrier sense multiple access with collision detection
(CSMA/CD) media access control method. The Ethernet network is highly reliable
and easy to maintain. The speed of an Ethernet interface can be 10 Mbit/s, 100 Mbit/s,
1000 Mbit/s, or 10,000 Mbit/s.
Extensible Markup A specification developed by the World Wide Web Consortium (W3C). XML is a
Language (XML) pared-down version of Standard Generalized Markup Language (SGML), designed
especially for Web files. It allows designers to create their own customized tags,
enabling the definition, transmission, validation, and interpretation of data between
applications and between organizations.
eNodeB E-UTRAN NodeB
eSight See eSight.
eSight (eSight) A Huawei's next-generation ICT O&M system for the enterprise market and the first
cross-filed and cross-vendor ICT O&M system of Huawei Enterprise BG. It is
designed to centrally manage storage devices, servers, routers, switches, firewalls,
WLANs, unified communication, telepresence conferences, and video surveillance. In
addition, it is capable of managing a wide range of devices from other vendors.
equipment serial A string of characters that identify a piece of equipment and ensures correct allocation
number (ESN) of a license file to the specified equipment. It is also called "equipment fingerprint".
F
FFT fast Fourier transformation
FTP File Transfer Protocol
FTPS See File Transfer Protocol over SSL.
File Transfer Protocol An extension to the commonly used File Transfer Protocol (FTP) that adds support for
over SSL (FTPS) the Transport Layer Security (TLS) and the Secure Sockets Layer (SSL) cryptographic
protocols.
firewall A combination of a series of components set between different networks or network
security domains. By monitoring, limiting, and changing the data traffic across the
firewall, it masks the interior information, structure and running state of the network
as much as possible to protect the network security.
firmware A programmable software usually written into the EROM or EPROM in a hardware
component. It is responsible for the elementary basic works in the system and is
scalable as software.

eSight
floating IP address An IP address that a high availability (HA) system uses to communicate with the
external system. The active server and standby server have separate IP addresses. For
example, the IP address of the active server is IP1 and the IP address of the standby
server is IP2. When communicating with the external client, the active or standby
server uses IP3, and IP3 is bound to the network adapter of the active server. At this
time, the active server has two IP addresses, namely IP1 and IP3. The standby server
has only IP2, therefore, it does not provide services to the external client. When an
active/standby switchover occurs, the active server releases IP3, and IP3 is bound to
the network adapter of the standby server. This is called floating.
G
GE Gigabit Ethernet
GPON gigabit-capable passive optical network
GUI graphical user interface
gateway A device that connects two network segments using different protocols. It is used to
translate the data in the two network segments.
H
HA system high availability system
HBA host bus adapter
HTTP See Hypertext Transfer Protocol.
HTTPS See Hypertext Transfer Protocol Secure.
Hypertext Transfer An application-layer protocol used for communications between web servers and
Protocol (HTTP) browsers or other programs. HTTP adopts the request-response mode. A client sends a
request to the server. The request consists of two parts: request header and MIME-like
message. The request header contains request method, uniform resource locator
(URL), and protocol version. The MIME-like message contains request modifiers,
client information, and possible body content. Upon receiving the request, the server
responds with a status line. The status line includes the message's protocol version, a
success or error code, and a MIME-like message, which contains server information,
entity meta-information, and possible entity-body content. For details about HTTP, see
RFC2616.
Hypertext Transfer An HTTP protocol that runs on top of transport layer security (TLS) and Secure
Protocol Secure Sockets Layer (SSL). It is used to establish a reliable channel for encrypted
(HTTPS) communication and secure identification of a network web server. For details, see
RFC2818.
high-availability A high-availability (HA) system is in comparison to the stand-alone system. It refers
system to the dual-system backup deployment, which ensures the normal operating when one
computer is faulty. However, the deployment has high costs.
I
IAD See integrated access device.
ICMP See Internet Control Message Protocol.
ID See identity.

eSight
IIS See Internet Information Services.

IP Internet Protocol
IP address A 32-bit (4-byte) binary number that uniquely identifies a host connected to the
Internet. An IP address is expressed in dotted decimal notation, consisting of the
decimal values of its 4 bytes, separated with periods; for example, 127.0.0.1. The first
three bytes of the IP address identify the network to which the host is connected, and
the last byte identifies the host itself.
IPMI See Intelligent Platform Management Interface.
IT information technology
ITU-T International Telecommunication Union-Telecommunication Standardization Sector
Intelligent Platform A specification, developed by Dell, HP, Intel and NEC, for the purpose of improving
Management Interface serviceability of servers. The IPMI provides servers with device management, sensor
(IPMI) and event management, user management, fan box and power supply management,
and remote maintenance.
Internet Control A network layer protocol that provides message control and error reporting between a
Message Protocol host server and an Internet gateway.
(ICMP)
Internet Information Microsoft's brand of a Web server software, utilizing the Hypertext Transfer Protocol
Services (IIS) (HTTP) to deliver World Wide Web documents. It incorporates various functions for
security, allows for CGI programs, and also provides Gopher and FTP services.
identity (ID) The collective aspect of the set of characteristics by which a thing is definitively
recognizable or known.
integrated access An access node that can simultaneously deliver Class 5 switch voice services, packet
device (IAD) voice services, and data services (through LAN ports) over a single WAN link. IADs
provide a common platform that enables service providers to deliver voice and data
over a single access network, reducing the cost of co-located equipment in the Telco
central office and allowing service providers to minimize transport spans.
J
JSR jam-to-signal ratio
K
KPI key performance indicator
KVM See keyboard, video, and mouse.
keyboard, video, and A hardware device installed in the integrated configuration cabinet. KVM serves as
mouse (KVM) the input and output device for the components inside the cabinet. It consists of a
screen, a keyboard, and a mouse.
L
LAN See local area network.
LDAP See Lightweight Directory Access Protocol.
LLDP See Link Layer Discovery Protocol.

eSight
LTE Long Term Evolution

Lightweight Directory A network protocol based on TCP/IP, which allows access to a directory system agent
Access Protocol (DSA). It involves some reduced functionality from X.500 Directory Access Protocol
(LDAP) (DAP) specifications.
Link Layer Discovery The Link Layer Discovery Protocol (LLDP) is an L2D protocol defined in IEEE
Protocol (LLDP) 802.1ab. Using the LLDP, the NMS can rapidly obtain the Layer 2 network topology
and changes in topology when the network scales expand.
license A permission that the vendor provides for the user with a specific function, capacity,
and duration of a product. A license can be a file or a serial number. Usually the
license consists of encrypted codes. The operation authority granted varies with the
level of the license.
license file The license file is an authorization for the capacity, functions, and validity period of
the installed software. The license file is a .dat file that is generated using the special
encryption tool according to the contract, and is delivered electronically. The customer
(e.g. carrier) needs to load the license on the device or software before the functions
supported by the license are applicable.
local area network A network formed by the computers and workstations within the coverage of a few
(LAN) square kilometers or within a single building, featuring high speed and low error rate.
Current LANs are generally based on switched Ethernet or Wi-Fi technology and run
at 1,000 Mbit/s (that is, 1 Gbit/s).
login mode A user mode that defines how users can log in to the client of the NMS. A login mode
can be a single user mode or a multiuser mode. In a single user mode, only the
administrator is allowed to log in. In a multiuser mode, all users are allowed to log in.
M
MAC address A link layer address or physical address. It is six bytes long.
MIB See management information base.
MML man-machine language
MML command Command using human-machine language, which is a main mode for operation and
maintenance on NEs. The EMS can operate NEs by issuing MML commands.
MO managed object
MPLS See Multiprotocol Label Switching.
MPLS VPN See multiprotocol label switching virtual private network.
MTBF See mean time between failures.
MTTR See mean time to repair.
Multiprotocol Label A technology that uses short tags of fixed length to encapsulate packets in different
Switching (MPLS) link layers, and provides connection-oriented switching for the network layer on the
basis of IP routing and control protocols.
management The information that is used for network management in a transport network.
information
management A type of database used for managing the devices in a communications network. It
information base comprises a collection of objects in a (virtual) database used to manage entities (such
(MIB) as routers and switches) in a network.

eSight
management rights The rights enabling a user to manage the specified devices and boards or the group of
a user to manage specified domains.
masked alarm An alarm whose correlation action is set to masked in alarm correlation analysis.
mean time between The average time between consecutive failures of a piece of equipment. It is a measure
failures (MTBF) of the reliability of the system.
mean time to repair The average time that a device will take to recover from a failure.
(MTTR)
multiprotocol label An Internet Protocol (IP) virtual private network (VPN) based on the multiprotocol
switching virtual label switching (MPLS) technology. It applies the MPLS technology for network
private network routers and switches, simplifies the routing mode of core routers, and combines
(MPLS VPN) traditional routing technology and label switching technology. It can be used to
construct the broadband Intranet and Extranet to meet various service requirements.
N
NAS network attached storage
NE network element
NIC network interface card
NTA See network traffic analyzer.
NTC See network traffic collector.
NTP Network Time Protocol
NetStream As a measurement and release technique based on network stream information,
NetStream can categorize and measure the traffic on the network and the utilization of
resources. It performs management and charging for various services and based on
different QoS.
network traffic Network traffic analysis tool that obtains statistical data from the NTC (Network
analyzer (NTA) Traffic Collector). The statistical data is a basis for flow evidence, capacity planning,
and attack detection.
network traffic Application running in Unix or Windows, which is responsible for receiving and
collector (NTC) processing UDP packets from the NTE (Network Traffic Exporter). Then it sends
statistical data to the NTA for further analysis.
O
O&M operation and maintenance
OLT optical line terminal
OMS operational management system
ONU See optical network unit.
optical network unit A form of Access Node that converts optical signals transmitted via fiber to electrical
(ONU) signals that can be transmitted via coaxial cable or twisted pair copper wiring to
individual subscribers.

eSight
optical splitter A passive component, which is used for splitting and sending optical power to
multiple ONUs connected by an optical fiber. In a GPON system that consists of the
OLT, ONU, splitter, and optical fibers, according to the split ratio, the optical signal
over the optical fiber connected to the OLT is splitted into multiple channels of optical
signals and send each channel to each ONU. Split ratio determines how many
channels of optical signals an optical fiber can be split to.
P
PBX private branch exchange
PC personal computer
PDB power distribution box
PHP penultimate hop popping
PON passive optical network
PXE See preboot execution environment.
PoE power over Ethernet
ping A method used to test whether a device in the IP network is reachable according to the
sent ICMP Echo messages and received response messages.
preboot execution A technology that enables computers to boot from the network. This technology is the
environment (PXE) successor of Remote Initial Program Load (RPL). The PXE works in client/server
mode. The PXE client resides in the ROM of a network adapter. When the computer is
booted, the BIOS invokes the PXE client to the memory, and the PXE client obtains
an IP address from the DHCP server and downloads the operating system from the
remote server using TFTP.
R
RADIUS See Remote Authentication Dial In User Service.
RADIUS An authentication mode in which the BRAS sends the user name and the password to
authentication the RADIUS server by using the RADIUS protocol. The RADIUS server
authenticates the user, and then returns the result to the BRAS.
RAID redundant array of independent disks
RRU See remote radio unit.
Remote Authentication A security service that authenticates and authorizes dial-up users and is a centralized
Dial In User Service access control mechanism. As a distributed server/client system, RADIUS provides
(RADIUS) the AAA function.
rack server A server that adopts the rack architecture. The architecture complies with the device
architecture standards of the telecommunication room, that is, a device is 19-inch wide
and its height is in the unit of U.
remote radio unit A module of the distributed base station. It performs the IF processing (digital I/Q
(RRU) modulation/demodulation, frequency up-/down-conversion, and DA/AD conversion)
of the signals, RF processing, and duplex.
report template A collection of report styles pre-defined by the report system. The report styles
include the report content, layout, data source, and generation conditions of the
statistics.

eSight
rights- and domain- A function of the NMS for authority management. With this function, you can:
based management
l Partition and control the management authority.
l Manage device nodes and service data by region.
l Grant different management and operation rights to users for different regions.
S
SAN See storage area network.
SAS serial attached SCSI
SATA Serial Advanced Technology Attachment
SCTP See Stream Control Transmission Protocol.
SFTP See Secure File Transfer Protocol.
SIP Session Initiation Protocol
SLA See service level agreement.
SMI structure of management information
SNMP See Simple Network Management Protocol.
SQL See structured query language.
SSH See Secure Shell.
SSID service set identifier
SSL See Secure Sockets Layer.
STelnet Secure Shell Telnet
Secure File Transfer A network protocol designed to provide secure file transfer over SSH.
Protocol (SFTP)
Secure Shell (SSH) A set of standards and an associated network protocol that allows establishing a secure
channel between a local and a remote computer. A feature to protect information and
provide powerful authentication function for a network when a user logs in to the
network through an insecure network. It prevents IP addresses from being deceived
and simple passwords from being captured.
Secure Sockets Layer A security protocol that works at a socket level. This layer exists between the TCP
(SSL) layer and the application layer to encrypt/decode data and authenticate concerned
entities.
Simple Network A network management protocol of TCP/IP. It enables remote users to view and
Management Protocol modify the management information of a network element. This protocol ensures the
(SNMP) transmission of management information between any two points. The polling
mechanism is adopted to provide basic function sets. According to SNMP, agents,
which can be hardware as well as software, can monitor the activities of various
devices on the network and report these activities to the network console workstation.
Control information about each device is maintained by a management information
block.

eSight
Stream Control A transport layer protocol used between the SCTP user application and a
Transmission Protocol connectionless packet network. In the SIGTRAN protocol stack, the upper-layer user
(SCTP) of SCTP is the adaptation module of the SCN signaling, for example, M2UA and
M3UA, and the lower layer of SCTP is the IP network. The SCTP protocol delivers
the higher reliability, optimum real-time performance, and multi-homing feature for
signaling transmission.
security Protection of a computer system and its data from harm or loss. A major focus of
computer security, especially on systems accessed by many people or through
communication lines, is preventing system access by unauthorized individuals.
service level agreement A service agreement between a customer and a service provider. SLA specifies the
(SLA) service level for a customer. The customer can be a user organization (source domain)
or another differentiated services domain (upstream domain). An SLA may include
traffic conditioning rules which constitute a traffic conditioning agreement as a whole
or partially.
signaling tracing An operation performed to trace messages, the connection process of a signaling link
on a port, and service processes in real time. The traced messages can be stored
automatically for check. The signaling tracing function provides a basis for rectifying
faults.
software distribution A mechanism for distributing applications and files to implement batch transfer of
files and applications and automatic installation of applications.
software source The installation media and configuration files used for deploying software.
storage area network An architecture to attach remote computer storage devices such as disk array
(SAN) controllers, tape libraries and CD arrays to servers in such a way that to the operating
system the devices appear as locally attached devices.
structured query A programming language widely used for accessing, updating, managing, and
language (SQL) querying data in a relational database.
subnet An abbreviation for subnetwork. A type of smaller networks that form a larger
network according to a rule, for example, according to different districts. This
facilitates the management of the large network.
T
TCP See Transmission Control Protocol.
TCP/IP Transmission Control Protocol/Internet Protocol
TFTP See Trivial File Transfer Protocol.
TLS Transport Layer Security
Transmission Control The protocol within TCP/IP that governs the breakup of data messages into packets to
Protocol (TCP) be sent using Internet Protocol (IP), and the reassembly and verification of the
complete messages from packets received by IP. A connection-oriented, reliable
protocol (reliable in the sense of ensuring error-free delivery), TCP corresponds to the
transport layer in the ISO/OSI reference model.
Trivial File Transfer A small and simple alternative to FTP for transferring files. TFTP is intended for
Protocol (TFTP) applications that do not need complex interactions between the client and server.
TFTP restricts operations to simple file transfers and does not provide authentication.
telepresence The Huawei telepresence system provides users a comfortable videoconferencing
environment in which they can have true-to-life and face to face remote conferences.

eSight
threshold A limitation on an amount, scale, or level. Changes will occur when a threshold is
reached.
threshold alarm The alarm occurs when the monitored value exceeds the threshold.
topology object A basic element in the NMS topology view, which includes submap, node, connection,
and so on.
traffic statistics An activity of measuring and collecting statistics of various data on devices and
telecommunications networks. With the statistics, operators can be aware of the
operating status, signaling, users, system resource usage of the devices or networks.
The statistics also help the operators manage the device operating, locate problems,
monitor and maintain the networks, and plan the networks.
U
UC See unified communications.
UDP See User Datagram Protocol.
UNI See user-to-network interface.
UPS uninterruptible power supply
URL See uniform resource locator.
User Datagram A TCP/IP standard protocol that allows an application program on one device to send
Protocol (UDP) a datagram to an application program on another. UDP uses IP to deliver datagrams.
UDP provides application programs with the unreliable connectionless packet delivery
service. That is, UDP messages may be lost, duplicated, delayed, or delivered out of
order. The destination device does not actively confirm whether the correct data
packet is received.
unified A service that is not limited by the device-and-network-centered communication
communications (UC) method (for example, email, instant short message, telephone, and multimedia
conference) and uses advanced technologies to enable users to communicate with their
colleagues, customers, and cooperation partners conveniently and effectively by using
most common communication tools and applications.
uniform resource An address that uniquely identifies a location on the Internet. A URL is usually
locator (URL) preceded by http://, as in http://www.microsoft.com. A URL can contain more details,
such as the name of a hypertext page, often with the file name extension .html or .htm.
user-to-network The interface between user equipment and private or public network equipment (for
interface (UNI) example, ATM switches).
V
VAP See virtual access point.
VLAN virtual local area network
VM See virtual machine.
VPN virtual private network
VTM See Virtual Teller Machine.
Virtual Teller Machine Self-service banking terminal that enables customers to process banking services
(VTM) independently or with remote assistance from tellers.

eSight
version file Includes the version software, patches, licenses, configuration data, and logs.
virtual NE An object similar to a common NE and is also displayed with an icon on a view. A
virtual NE, however, is only an NE simulated according to the practical situation,
which does not represent an actual NE. Therefore, the actual status of this NE cannot
be queried and its alarm status cannot be displayed with colors. Usually, a virtual NE
provides the trail management function for the NEs or subnetworks that the NMS
cannot manage, or provides the end-to-end service configuration method and the trail
management capability when the equipment is interconnected with third-party NEs.
virtual access point UVPCenter or vCenter for providing a centralized extensible platform for managing
(VAP) the virtualized infrastructures. - Centrally controls virtualized infrastructures. -
Provides automatic resource scheduling and high availability to improve cluster
security and availability.
virtual link The logical connection between topological objects in the NMS topology view.
virtual machine (VM) A software simulation of a complete computer system, which runs in an independent
environment and provides all hardware system functions. A physical machine can be
virtualized as multiple VMs based on application requirements, which allows multiple
operating systems to run on the same physical machine. Each operating system can be
virtually partitioned and configured, and users can switch between operating systems.
W
WAN wide area network
WLAN See wireless local area network.
WebUI web user interface
Wi-Fi See Wireless Fidelity.
Wireless Fidelity (Wi- A short-distant wireless transmission technology. It enables wireless access to the
Fi) Internet within a range of hundreds of feet wide.
whitelist A list or register of items that, for one reason or another, are being provided a
particular privilege, service, mobility, access or recognition.
wireless local area A hybrid of the computer network and the wireless communication technology. It uses
network (WLAN) wireless multiple address channels as transmission media and carriers out data
interaction through electromagnetic wave to implement the functions of the traditional
LAN.
X
XML See Extensible Markup Language.


Bsap Communications Application Programmer S Reference en 132716

Diunggah oleh

Informasi Dokumen

Judul Asli

Hak Cipta

Format Tersedia

Bagikan dokumen Ini

Bagikan atau Tanam Dokumen

Opsi Berbagi

Apakah menurut Anda dokumen ini bermanfaat?

Apakah konten ini tidak pantas?

Hak Cipta:

Format Tersedia

Bsap Communications Application Programmer S Reference en 132716

Diunggah oleh

Hak Cipta:

Format Tersedia

eSight

HUAWEI TECHNOLOGIES CO., LTD.

Trademarks and Permissions

Huawei Technologies Co., Ltd.

Issue 03 (2016-05-30) Huawei Proprietary and Confidential i

About This Document

l Huawei pre-sales engineers

Indicates an imminently hazardous situation which, if not

Indicates a potentially hazardous situation which, if not

Indicates a potentially hazardous situation which, if not

Issue 03 (2016-05-30) Huawei Proprietary and Confidential ii

Indicates a potentially hazardous situation which, if not

Calls attention to important information, best practices and

Updates in Issue 02 (2016-03-30)

Updates in Issue 01 (2015-12-30)

Issue 03 (2016-05-30) Huawei Proprietary and Confidential iii

About This Document.....................................................................................................................ii

2 Functions and Features................................................................................................................. 4

Issue 03 (2016-05-30) Huawei Proprietary and Confidential iv

2.15.10 WLAN Management............................................................................................................................................. 62

Issue 03 (2016-05-30) Huawei Proprietary and Confidential v

2.21.1.6 UC Application Management............................................................................................................................. 219

4 Networking Mode..................................................................................................................... 242

7 Standard and Protocol Compliance....................................................................................... 259

Issue 03 (2016-05-30) Huawei Proprietary and Confidential vi

1 Product Positioning and Features

About This Chapter

Issue 03 (2016-05-30) Huawei Proprietary and Confidential 1

1.2 Product Features

Multiple Service Management Components

Issue 03 (2016-05-30) Huawei Proprietary and Confidential 2

Multiple Editions Catering for Differentiated Needs

eSight 5000 NEs This edition manages a wide array of network

eSight 20000 NEs In addition to providing all functions of the Standard

Independent NE Adaptation Capability

Lightweight Web-based Client

Issue 03 (2016-05-30) Huawei Proprietary and Confidential 3

2 Functions and Features

About This Chapter

2.1 Security Management

Issue 03 (2016-05-30) Huawei Proprietary and Confidential 4

eSight supports hierarchical network management, enabling an upper-layer NMS to centrally

Issue 03 (2016-05-30) Huawei Proprietary and Confidential 5

2.1 Security Management

Security Description Security Policies

System The system security Patch policies, security hardening policies,

Data The data security l Encryption policies define encrypted storage

Issue 03 (2016-05-30) Huawei Proprietary and Confidential 6

Security Description Security Policies

O&M The O&M security l Access mechanism by group and permission

Security management includes user management, role management (authorization

Figure 2-1 shows the implementation mechanism of eSight security management.

Figure 2-1 Security management overview

Issue 03 (2016-05-30) Huawei Proprietary and Confidential 7

This topic focuses on eSight user security.

eSight provides the following user management functions:

l Creating users: Users can be created one by one or in batches.

The password for the admin user cannot be reset.

Role Management (Rights- and Domain-based Management)

Issue 03 (2016-05-30) Huawei Proprietary and Confidential 8

Issue 03 (2016-05-30) Huawei Proprietary and Confidential 9

For the RADIUS authentication process, see Figure 2-2.

Issue 03 (2016-05-30) Huawei Proprietary and Confidential 10