H3C DR2000 Application-Driven Campus Director

HomeProducts & TechnologyEnterprise ProductsSDN&NFVDirectorH3C DR2000 Application-Driven Campus Director
Third Party Application System

H3C DR2000 Application-Driven Campus Director (AD-Campus Director) is developed based on Software Defined Network (SDN) to combine network and services for intelligent campus network management. It is applicable to VxLAN-based campus networks of all sizes and provides automated device deployment, end-to-end service deployment, account-IP binding, and unified wired and wireless management.

Automated campus network deployment

* Simplified online configuration—Simplify network configurations based on spine-leaf-access layer network design to deploy the same configuration file to devices at the same layer. AD-Campus Director can guide you to complete configuration file generation for a layer without any command execution and can load the configuration file for the devices at this layer automatically.

http://websiteuat.h3c.com/en/res/201808/22/20180822_3661376_image028_1104274_294549_0.png

* Location identifier import—Automatically import device location identifiers after the devices come online, allowing for fast device locating and troubleshooting.

* Full-process monitoring—Allow you to monitor the whole deployment process of devices from AD-Campus Director.

* Automatic expansion and replacement—Automatically identify newly added devices and replaced devices, assigns configuration to the newly added, and restores configuration on the replaced.

* Automated configuration and orchestration policy deployment through code scanning.

Scenario-based service deployment wizards

AD-Campus Director provides scenario-based wizards, including initial configuration, device launching, service planning, account opening, and guest management, allowing one-click service deployment and greatly improving management efficiency.

http://websiteuat.h3c.com/en/res/201808/22/20180822_3661377_image029_1104274_294549_0.jpg

Automated end-to-end service deployment

AD-Campus Director can automatically identify device and port roles in the network and issue specific configuration to devices and ports based on their roles. This can greatly reduce service deployment time and improve efficiency.

http://websiteuat.h3c.com/en/res/201808/22/20180822_3661378_image030_1104274_294549_0.png

As shown in the following table, for example, to deploy 4 spine devices, 40 leaf devices, and 500 access devices in a school network with 10000 access users, a total of 133 hours are required for deploying the configurations listed in the table, with 10 minutes for each device. However, with AD-Campus Director, deployment can be finished within one hour.

Item

Configuration

Time required with AD-Campus Director

VRF instance creation

VRF instance creation

Spine devices—Less than 1 minute

Leaf devices—Less than 1 minute

VXLAN configuration

VSI and VSI interface creation

Spine devices—Less than 1 minute

Leaf devices—Less than 1 minute

AC creation and AC-VXLAN association

Leaf device downlink interfaces:

Less than 2 minutes

VLAN creation

Access devices—0.05 minutes for each device

Leaf devices—Less than 2 minutes

Spine devices—Less than 1 minute

Security group configuration

DHCP network segment and Option 82 configuration

< 1 minute

DHCP relay configuration on the VSI interfaces of leaf devices

< 2 minutes

VRF instance and VSI interface binding

Spine devices—Less than 1 minute

Leaf devices—Less than 2 minutes

Inter-group policy creation

ACL configuration on the source security group's VSI interface

Spine devices—Less than 1 minute

Leaf devices—Less than 2 minutes

Total

N/A

< 1 hour

Diversified resource management

* Topology management—Provide the following topology views for multi-dimension network management:

* Overall topology—Display all devices managed by AD-Campus Director.

* Custom topology—Display devices in the customized view. AD-Campus Director allows you to add devices to a customized topology view for ease of management.

*Overlay topology—Display specific VXLAN topology based on the VXLAN ID.

http://websiteuat.h3c.com/en/res/201808/22/20180822_3661380_image031_1104274_294549_0.jpg

* Wired management—Provide batch device management and single-device configuration (VLAN configuration, for example) and management.

http://websiteuat.h3c.com/en/res/201808/22/20180822_3661381_image032_1104274_294549_0.jpg

* Wireless management—Provide management of HP MSM series, H3C series, Aruba, and Cisco ACs, fat APs, and fit APs, as well as auto discovery, configuration, and monitoring of wireless clients. You can monitor device operation status and manage devices in groups by mobility group, floor, or device type.

http://websiteuat.h3c.com/en/res/201808/22/20180822_3661382_image033_1104274_294549_0.jpg

* DHCP, DNS, and IP (DDI) management—Help administrators control IP address allocation, record abnormal address access, track IP addresses, and scan network segment usage. It supports assigning different IP segments to different operators, and allows administrators to view IP address usage in the whole network through statistics reports and various query criteria.

http://websiteuat.h3c.com/en/res/201808/22/20180822_3661383_image034_1104274_294549_0.jpg

* Underlay management—Manage device configuration files and image files with the following features:

* Baseline configuration—Allow for setting a configuration file baseline to track configuration changes.

* Software upgrade history—Record software upgrade history and provides fast rollback to a previous version.

* Configuration template and software file libraries—Allow you to upload software files, and create configuration templates or use pre-set templates provided by H3C IMC. This implements configuration template and software file reuse and reduces maintenance complexity.

*

http://websiteuat.h3c.com/en/res/201808/22/20180822_3661384_image035_1104274_294549_0.jpg

* Overlay management—Provide VXLAN list, tunnel list, tenant management, and other VXLAN management functions.

Diversified user management

* Online user management—Provide online user filter, message issuing, forced log-off, and re-authentication functions.

* User authentication and authorization—Support LAN, WLAN, and VPN access authentication, and provides unified user privilege management through combination of users, access services, scenarios, and security groups.

http://websiteuat.h3c.com/en/res/201808/22/20180822_3661385_image036_1104274_294549_0.jpg

http://websiteuat.h3c.com/en/res/201808/22/20180822_3661386_image037_1104274_294549_0.jpg

* Guest management—Control guest access by allowing them to access limited resources only when the access is granted by the guest administrator.

* Automated authentication—Bind user account and terminal MAC address at the first authentication, and allows users to come online again without being re-authenticated within a specific period.

* User and security group binding—Bind users' account name, IP address, and MAC address to specific security groups to give users coherent access privileges anytime anywhere.

* Terminal security protection—Protect a network against security policy violations by access-region-based security checks. AD-Campus Director kicks out, isolates, informs, or monitors users that violate security policies, including anti-virus software, OS, and compliance software, and triggers alarms when such a user is detected.

* User behavior audit—Provide NAT logs and network traffic analysis to help operators check network access information.

Application-driven service orchestration

AD-Campus Director can dynamically orchestrate network resources to achieve on-demand service allocation. It abstracts the complexity of network resources to simplify network infrastructure and provides easy but highly efficient management. By defining virtualized network resources as virtual objects, AD-Campus Director allows you to use an easy drag-and-drop process to orchestrate them.

Group-based management

AD-Campus Director provides group-based user, privilege, and resource management.

* Common group—Allow you to place devices or interfaces at the same layer in one group. AD-Campus Director has created device groups and interface groups based on device roles and their relationships in the spine-leaf-access structure. You can adjust the groups as needed.

* Security group—Restrict user privileges by security groups instead of legacy VLAN and ACL combinations. It allows you to define security groups, resource groups, and inter-group policies and orchestrate user privileges to implement flexible and coherent user access anywhere.

http://websiteuat.h3c.com/en/res/201808/22/20180822_3661388_image039_1104274_294549_0.jpg

* Scenario-based access service—Associate users with specific access services based on scenarios. Each access service is configured with various access criteria (5W1H) and is bound to a security group for convenient user management. AD-Campus Director also supports user import from LDAP server, and configuration of system, certificate, upgrade, and single sign-on (SSO) settings for correct access service operation.

http://websiteuat.h3c.com/en/res/201808/22/20180822_3661389_image040_1104274_294549_0.jpg

One-stop orchestration

AD-Campus director offers a platform for consolidating access services, scenarios, private networks, security groups, Layer 2 network domains, and inter-group policies to implement one-stop orchestration.

http://websiteuat.h3c.com/en/res/201808/22/20180822_3661390_image041_1104274_294549_0.jpg

AD-Campus Director provides the following orchestration policies:

* Inter-group policies—Control east-west traffic between users and servers within the campus network.

* Egress policies—Manage firewall/IPS, bandwidth, and NAT settings and control north-south traffic for granular access control and security protection of external and Internet access.

http://websiteuat.h3c.com/en/res/201808/22/20180822_3661391_image042_1104274_294549_0.jpg

http://websiteuat.h3c.com/en/res/201808/22/20180822_3661392_image043_1104274_294549_0.jpg

Professional operation and maintenance monitoring

* Dashboard—Display security group status, activeness, online clients, alarm statistics, wired and wireless resource statistics, terminal usage, and user access information.


* Alarm management—Provide trap definitions, trap filters, and trap-to-alarm rules to achieve comprehensive real-time trap monitoring. AD-Campus Director can also send alarms or traps to the specified E-mail or short message recipients as well as other network management systems.

http://websiteuat.h3c.com/en/res/201808/22/20180822_3661395_image046_1104274_294549_0.jpg

* Traffic analysis—Analyze traffic information, including source, destination, session owner, duration, and trends, and generates graphs and tables for users to understand the network status from various aspects. With rule- and policy-based deep analysis methods such as root analysis and SLA analysis, users can fast diagnose network problems, solve bandwidth bottleneck issues, and optimize the network. AD-Campus Director also provides traffic abnormity check, centralized security event management, and synergetic response based on the resource management platform to improve the risk identification and threat processing performance.

http://websiteuat.h3c.com/en/res/201808/22/20180822_3661396_image047_1104274_294549_0.jpg

* Syslog management—Collect, display, and analyze system logs, and upgrade a log message to an alarm if the message matches the requirements. This helps you fast discover and solve problems.

* Performance management—Provide performance management views, each of which contains one or multiple indexes for performance monitoring. Each index can contain multiple monitoring instances. You can add, modify, and delete performance management views. In a performance management view, the collected statistics are displayed in the form of TopN or trend graphs, or statistics tables.

* Compliance management—Examine whether a device is compliant with the regulatory requirements based on the configured compliance policies. The detected configuration or security issues can be restored by AD-Campus Director automatically. These all together ensures that a company's network runs in a secure and stable environment.

Lite edition and fast deployment

* Lite edition for small-scale deployment (less than 2000 users) with abundant functions, including fast AD-Campus Director deployment, authentication, and wireless management.

* All-in-one installation and fast deployment of open-source OS, open-source database, AD-Campus Director, DHCP server, and SDN applications, such as ADEIA and ADWSM, on a bare server within one hour.

http://websiteuat.h3c.com/en/res/201808/22/20180822_3661397_image048_1104274_294549_0.jpg

Server requirements

Item

Windows Server 2012 R2 (64-bit)

Red Hat Enterprise Linux Server 5.5/5.9/6.1/6.4/7.x

Managed devices

0 to 200 (excluded)

200 to 500 (excluded)

500 to 1000

0 to 200 (excluded)

200 to 500 (excluded)

500 to 1000

Processor clock speed

≥ 2.0 GHz

≥ 2.0 GHz

≥ 2.0 GHz

≥ 2.0 GHz

≥ 2.0 GHz

≥ 2.0 GHz

Processors

≥ 2

≥ 4

≥ 8

≥ 2

≥ 4

≥ 8

Memory size

≥ 500 M

≥ 1G

≥ 2G

≥ 500 M

≥ 1G

≥ 2G

Hard drive size

10 GB

20 GB

50 GB

10 GB

20 G

50 GB

10/100/1000Mb autosensing network adapters

≥ 1

≥ 1

≥ 1

≥ 1

≥ 1

≥ 1

Database version

SQL Server 2008 SP3

SQL Server 2008 R2 SP2

SQL Server 2012 SP2

SQL Server 2014

Oracle 11g Release 1

Oracle 11g Release 2

Oracle 12c Release 1

DHCP server version

Microsoft DHCP server 6.3 or higher (comes with Windows Server 2012 R2)

Microsoft DHCP server 6.3 or higher (comes with Windows Server 2012 R2)

Client requirements

Item

Requirements

Operating system

Windows

Processor clock speed

≥ 2.0 GHz

Memory size

≥ 1 GB

Hard drive size

≥ 20 GB

Optical drive

48X optical drive

Network adapter

≥ 100 M

Audio card

Installed

Browser configuration

Pop-up blocker disabled

Browser cookies enabled

AD-Campus Director website in the trusted site list

A minimum of 1024px-wide display resolution

Browser version

IE10.0/IE11

Firefox30 or higher version

Chrome44 or higher version

Features

Menu

Submenu

Description

Required Component

Dashboard

Dashboard

Displays overall network performance, status, and alarm statistics.

N/A

Quick Start

Quick Start

Provides shortcuts for frequently used functions

N/A

Campus Planning

Campus Planning

Provides network planning and automatic device deployment configuration.

N/A

Topology

Custom Topology

Provides customized topology configuration functions.

N/A

Overall Topology

Displays the overall topology that contains all devices.

N/A

Overlay Topology

Displays VXLAN topologies.

N/A

Resource

Wired

Provides wired device management.

N/A

Wireless

Provides wireless device management.

ADWSM

Security

Provides management of security features, such as firewall, IPS, and ACG.

ADSSM

LB

Provides LB resource management.

ADSSM

DDI

Provides DHCP, DNS, and IP management.

N/A

Service

Common Group

Provides interface group and device group management.

N/A

User Policy

Provides one-stop orchestration of VRF instances, security groups, Layer 2 domains, access services, scenarios, inter-group policies, and egress security policies, and allows inter-group policy configuration from the aspect of user and scenario.

ADEIA

Security Group

Provides VRF instance, Layer 2 domain, resource group, SGACL, inter-group policy, and egress security policy management.

N/A

Access Service

Provides access service, access policy, and scenario configuration and LDAP server synchronization.

ADEIA

Endpoint Admission Defense (EAD)

Provides security policy, terminal access policy, and software policy management.

ADEAD

Underlay

Provides Underlay service management.

N/A

Overlay

Provides Overlay/VXLAN service management.

N/A

Service Parameters

Provides NTP server and wireless forwarding mode management.

N/A

User

Online Users

Provides user access service management.

ADEIA

All Access Users

Allows for querying users with applied access account.

ADEIA

Guest

Provides guest policy and webpage pushing policy management.

ADEIA

Endpoint Management

Provides automated authentication and endpoint management.

ADEIA

Behavior Audit

Audits online behavior of users.

ADUBA

IP Address Management

Provides user account, IP address, MAC address, and security group binding.

ADEIA

All Assets

Provides desktop asset, peripheries, and software issuing management.

ADEAD

Troubleshooting

Alarm Analysis

Manages and analyzes alarms.

N/A

Syslog Analysis

Manages and analyzes syslog.

N/A

Performance Analysis

Analyzes performance.

N/A

Traffic Analysis

Analyzes network traffic.

ADNTA

Compliance Check

Checks configuration compliance.

N/A

Spectrum Analysis

Performs spectrum analysis.

ADWSM

WIPS Detected

Performs wireless IPS analysis.

ADWSM

User Access Log

Analyzes user access logs.

ADEIA

Security Event Analysis

Analyzes network security events.

ADSSM

System Management

System Management

Operators

N/A

Operating logs

N/A

Access parameters

N/A

System parameters

N/A

Dashboard

N/A

APP

APP

An application for smart phones to scan SN codes and configure role and location information.

The APP is available only for Android systems.

N/A

Standard

* In a standard scenario as shown in the following figure, the network egress is separate from other campus network services. This structure enables multiple campus networks to be connected in a hybrid way and use the same access services. Each campus is deployed with a primary route reflector (RR) and a backup RR to synchronize route entries in the whole network.

http://websiteuat.h3c.com/en/res/201808/22/20180822_3661399_image028_1104276_294549_0.png

* In a standard scenario as shown in the following figure, multiple campus networks are connected in a hybrid way and use the same access services. The main campus contains spine, leaf, and access devices, among which the spine devices act as route reflectors (RR) to synchronize route entries in the whole network. Branch campuses only contain leaf and access devices.

http://websiteuat.h3c.com/en/res/201808/22/20180822_3661400_image029_1104276_294549_0.png

Lite Edition

Lite Edition of AD-Campus Director is applicable only to single-campus and Layer 2 campus applications.

http://websiteuat.h3c.com/en/res/201808/22/20180822_3661401_image030_1104276_294549_0.png

Product ID

Product Description

SWP-DR2000-ADCAM

H3C DR2000 AD-Campus Director Software

SWP-DR2000-ADCAM-M

H3C DR2000 AD-Campus Director Software, Miniature Edition

SWP-DR2000-ADCAM-S

H3C DR2000 AD-Campus Director Software, Small Edition

SWP-DR2000-ADCAM-SMB

H3C DR2000 AD-Campus Director Software, SMB Edition

SWP-SDNAPP-ADEIA

H3C SDNAPP, End-user Intelligent Access Software

SWP-SDNAPP-ADWSM

H3C SDNAPP, Wireless Service Manager Software

LIS-DR2000-ADCAMG-SOF

H3C DR2000 AD-Campus Director, Service Orchestration Feature License

LIS-DR2000-ADCAMH-HA

H3C DR2000 AD-Campus Director, High Availability Enhance License

Are you an H3C partner? Log in to see additional resources.
You can find excellent H3C partners, or you can become one of them to build a
partnership with H3C and share success together.