H3C Application-Driven Campus 5.0 Solution10-07-2019
H3C Application-Driven Campus (AD-Campus) Solution is innovative campus network solution built on SeerNetwork Architecture (SNA). The solution achieves great integration and convergence to easily reflect intent to network operation. With full lifecycle, open architecture and deep intelligence, AD-Campus is along with partner to be committed to solve existing challenges and assist customers to accelerate digital innovation and transformation.
AD-Campus combines VXLAN and the concept of Software-Defined Networking (SDN) to create a new-generation flexible network. It converts campus network from "user adapts to network" to "network adapts to users", enabling users and devices to roam around campus seamlessly, while remaining consistent user experience and simplified network operation. It reduces complexity of network deployment and maintenance and meets the increased requirements of mobility and massive terminal access on campus network.
Figure 1. AD-Campus Architecture
Features and Benefits
AD-Campus solution adopts SDN architecture, decoupling control plane from infrastructure. As SDN controller, SeerEngine translates business intent into network language to achieve automated end-to-end service provisioning. With GUI and policy matrix, all initialization and policy will be done by several clicks, liberating network engineers or managers from complicated command lines. Furthermore, due to closed loop intent network, the analysis will become feedback to revise existing policy and optimize overall network. Powered by AD-Campus, customer could highly focus on business innovation and enable faster business launch.
Figure 2. Intent-Based Network
Automation and Simplicity
Configuration becomes more complex with the growth of users and devices. In a traditional campus network, most network installation and changes are manual and primitive, which is prone to human errors.
With AD-Campus solution, customer would design, provision and manage the network on SNA center. The whole system would follow customers’ intent and be operated rapidly and simply.
Automated device onboarding: With only three templates (Spine, Leaf, Access), AD-Campus constructs underlay & overlay network automatically without extra manual configuration. There are only four steps to set the entire network to be ready.
Pre-configure automation templates, including IP & Fabric Plan
Use scanner or excel to batch import series number
Automatically start deployment
Compared with traditional network, AD-Campus users may experience over 70% reduction in time spent on network automation.
Figure 3. AD-Campus Vs Traditional Campus
Rapid service provisioning: To avoid complicated configuration, misunderstanding of previous code and potential mistake risk by using command lines, AD-Campus saves your effort by automatically distributing policy based on your intent. All the orchestration is clearly shown on the GUI for further operation or correction.
Figure 4. Role-Based Grouping & Group-Based Policy
Expansion & replacement: Once customer needs to expand network or change fault devices, the only thing they need to do is assign specific roles on SNA center for expanded or replaced devices. All the configuration and policy will be synchronized to new devices.
Dumb terminal easy onboarding: Accompanying with explosive development of dumb terminals, network faces authentication and security problems. There are higher requirement on dynamic access authentication to meet the batch deployment demand. Traditional MAC + Port binding may increase the complexity of operation. Furthermore, users pay more attention on privacy, falsification and network attack.
Aiming to solve these pain points, AD-Campus allows fast and secure access at any place of the network. With Automatic Sorting Engine (ASE), it can identify terminals and automatically sort them into correlated groups based on business type with secure isolation.
Figure 5. Automatic Sorting Engine
Superior User Experience
In a conventional campus network, IP addresses and security policies change when the users roam. Thus, increasing mobility causes complex network planning, configuration and tests.
AD-Campus creates a location independent campus network, providing optimal experiences for each user on each terminal. Clients can access the network anywhere and anytime without repetitive authentication and authorization. It is also convenient to deploy or move terminals with plug and play function. For network managers, they can easily and efficiently handle management.
AD-Campus constantly delivers customized experience in different scenarios. Users can fix their IP address or just keep the same roles to acquire seamless experience. With AI empowerment, the solution presents rich information based on different metrics to improve troubleshooting.
Client 360*: It provides onboarding time, RF quality, roaming time and other full-scale details about client health, which makes engineers clearly understand how situation clients are and what problem is right now.
Wireless optimization*: By locating weak signal issue, access failure issue and roaming issue, AD-Campus gives deep protection of wireless experience.
Time travel*: AD-Campus supports display of past events and comprehensive information on timeline, making it easy for engineers to know what happened before and why problems happened.
Figure 6. Superior User Experience
* SeerAnalyzer (AIOps) is on roadmap
Credibility & Security
To ensure credible access and secure communication, AD-Campus solution provides 5W1H scenario-based authentication and comprehensive security control.
Scenario-based authentication: Besides accounts and codes, AD-Campus realizes flexible and customized requirements by limiting access condition and endpoint type. With this feature, you can allow students to access critical research database in the campus, but not when they are at home using their own laptops.
Segmentation: With policy matrix, customer can easily achieve L2-L4 security control between users and IT resources on campus gateway.
Application-level security: AD-Campus provides service chain to achieve application-level security. In traditional way, you care both service and network. Policies and traffic redirection are always manual and complicated. While in AD-Campus solution, you care only service. The network part is GUI based, automated and virtualized.
Endpoint security: As tremendous endpoints link to network, it is urgent to stabilize network from potential risks due to terminal side.
User-endpoint binding: To meet stringent security and regulatory compliance requirement, AD-Campus provides flexible user-endpoint binding modes, including user-access port binding, user-MAC address binding, and user-IP address binding. Engineer can implement robust control on users and audit their behavior, which is quite efficient to pinpoint problems.
Anti-spoofing: To defend against spoofing attacks, the solution provides dumb terminal anti-spoofing, user-endpoint anti-spoofing and anti-IP spoofing.
Endpoint Admission Defense (EAD): With iNode client, customer could achieve security inspection, behavior auditing and data protection on endpoints.
Figure 7. Comprehensive Security
The scale, data traffic and complexity of network are experiencing explosive growth, and traditional O&M becomes tough to handle. AD-Campus introduces SeerAnalyzer* to achieve AIOps.
Health degree*: SeerAnalyzer collects plenty of data from devices, users and application. Tons of data will be transformed, sorted to different factors and fully visualized. With a single dashboard, you can identify network situation, user and service health condition clearly.
Fast troubleshooting*: SeerAnalyzer can trace back past events where malfunction happens and analyze root cause, helping manager reduce interruption and cost.
Trend prediction*: With big data and AI empowerment, SeerAnalyzer may predict future situation. With dynamic threshold, it can trigger alarm more precisely and timely. With traffic and capacity prediction, it can provide best option at the best time.
Figure 8. Health Degree of AP
* SeerAnalyzer (AIOps) is on roadmap
AD-Campus consistently embeds convergence concept. Through the convergence, the solution has the ability to unify scenarios, simplify operation and centralize management.
Wired & wireless convergence: All wired and wireless O&M will be centralized to one management plane.
Multi-fabric convergence: To ensure unified policy and consistent experience, AD-Campus provides a single platform to design, deployment and management across multi-fabric, which makes the network be adaptable, flexible and efficient
Cross-domain convergence: AD-Campus provides unified orchestration and management between campus and DC, which reduces large number of tasks and supply integrated experience.
Figure 9. Campus-DC Convergence
Automated Deployment and Provisioning
Superior Consistent Experience
5W1H Authentication & Authorization
Application-Level Security Control
Continuous Monitoring, Assurance and Optimization
AI Empowered Troubleshooting & Prediction
Cost Saving & Investment Protection
Open Architecture (standard RESTful API)
Third Party Compatibility
AD-Campus solution provides three networking models based on different network scales.
Single-Leaf Model: For small and medium-sized networks, propose Single-Leaf model to build cost-effective AD-Campus network.
Standard 3-tier Model: For medium and large-sized networks, propose Standard 3-tier model to build highly automated, extensible and intelligent network.
Multi-Fabric Model: For multi-campus networks, propose Multi-Fabric model to ensure policy consistency.
Centralized Deployment: Cost-effective, high requirement on consistent service
Distributed Deployment: High availability, long distance between multiple fabrics.
Figure 10. Network Model
AD-Campus solution provides wide range of available products for hierarchy scenarios.
S10500X, S7500E/X, S6520X-HI/EI, S5560X-EI
S6520X-SI, S5130S-HI/EI, S3100V3-EI
WX5860H, WX3840H, WX3820H, WX1800H
WA560, WA538,WA536,WA530, WA530X, WA510H,WA5330, WA5530X,
WA6622, WA6628, WA6638, WA6330
H3C SNA Center Basic License
H3C SNA Center Software Feature License, 1 Campus Controller Cluster
H3C SNA Center software Feature License, 1 SeerAnalyzer
H3C vDHCP1000 License (Comware 9, Standard Edition, Permanent)
H3C SeerEngine Campus Additional 1 Server Node License
H3C SeerEngine Campus Additional 1 Physical Switch License
H3C SeerEngine Campus Additional 1 PON Device License
H3C SeerEngine Campus Additional 1 Service Chain Node License
H3C SeerAnalyzer Software Campus Edition License
H3C SeerAnalyzer Software Campus Edition Analyzer License, 1 Managed Node
H3C SeerAnalyzer Software Campus Edition License, 1 Managed Modular NE
H3C SeerAnalyzer Software Campus Edition License, 1 Managed Fixed-Port NE
H3C SeerAnalyzer Software Campus Edition License, 1 Managed AP
H3C iMC, Intelligent Management Platform Standard Edition
H3C iMC, End-user Intelligent Access Component
H3C iMC, Endpoint Admission Defense Component
H3C iMC, Wireless Service Manager Component
H3C iMC, Intelligent Management Platform Standard Edition,
H3C iMC, End-user Intelligent Access Component,
H3C iMC, End-user Intelligent Access Component, End-user Intelligent Profiling,
H3C iMC, Endpoint Admission Defense Component,
H3C iMC, Wireless Service Manager Component,
H3C iMC, Wireless Service Manager Component, Location Service,
50/100/200/500/1000/2000/5000 Licenses (AP)
H3C iMC, Wireless Service Manager Component, Intrusion Prevention System,