Configuring cloud connections
About cloud connections
A cloud connection is a management tunnel established between a local device and the cloud server. It enables you to manage the local device from the cloud server without accessing the network where the device resides.
Multiple subconnections
After a local device establishes a connection with the cloud server, service modules on the local device can establish multiple subconnections with the microservices on the cloud server. These subconnections are independent from each other and provide separate communication channels for different services. This mechanism avoids interference among different services.
Cloud connection establishment
As shown in Figure 1, the cloud connection between the device and the cloud server is established as follows:
1. The device sends an authentication request to the cloud server.
2. The cloud server sends an authentication success packet to the device.
The device passes the authentication only if the serial number of the device has been added to the cloud server. If the authentication fails, the cloud server sends an authentication failure packet to the device.
3. The device sends a registration request to the cloud server.
4. The cloud server sends a registration response to the device.
The registration response contains the uniform resource locator (URL) used to establish a cloud connection.
5. The device uses the URL to send a handshake request (changing the protocol from HTTP to WebSocket) to the cloud server.
6. The cloud server sends a handshake response to the device to finish establishing the cloud connection.
7. After the cloud connection is established, the device automatically obtains the subconnection URLs and establishes subconnections with the cloud server based on the service needs.
Figure 1 Establishing a cloud connection
Restrictions: Hardware compatibility with cloud connections
F1000 series | Model | Cloud connection compatibility |
---|---|---|
F1000-X-G5 series | F1000-A-G5, F1000-C-G5, F1000-C-G5-LI, F1000-E-G5, F1000-H-G5, F1000-S-G5 | No |
F1000-X-G3 series | F1000-A-G3, F1000-C-G3, F1000-E-G3, F1000-S-G3 | No |
F1000-X-G2 series | F1000-A-G2, F1000-C-G2, F1000-E-G2, F1000-S-G2 | No |
F1000-9X0-AI series | F1000-9390-AI, F1000-9385-AI, F1000-9380-AI, F1000-9370-AI, F1000-9360-AI, F1000-9350-AI, F1000-9330-AI, F1000-9320-AI, F1000-990-AI, F1000-980-AI, F1000-970-AI, F1000-960-AI, F1000-950-AI, F1000-930-AI, F1000-920-AI, F1000-910-AI, F1000-905-AI | No |
F1000-C83X0 series | F1000-C8395, F1000-C8390, F1000-C8385, F1000-C8380, F1000-C8370, F1000-C8360, F1000-C8350, F1000-C8330 | Yes |
F1000-C81X0 series | F1000-C8180, F1000-C8170, F1000-C8160, F1000-C8150, F1000-C8130, F1000-C8120, F1000-C8110 | Yes |
F1000-7X0-HI series | F1000-770-HI, F1000-750-HI, F1000-740-HI, F1000-730-HI, F1000-720-HI, F1000-710-HI | No |
F1000-C-X series | F1000-C-EI, F1000-C-HI, F1000-C-XI, F1000-E-XI | No |
F1000-V series | F1000-E-VG, F1000-S-VG | No |
SecBlade IV | LSPM6FWD8, LSQM2FWDSC8 | No |
F100 series | Model | Cloud connection compatibility |
---|---|---|
F100-X-G5 series | F100-A-G5, F100-C-G5, F100-E-G5, F100-M-G5, F100-S-G5 | No |
F100-X-G3 series | F100-A-G3, F100-C-G3, F100-E-G3, F100-M-G3, F100-S-G3 | No |
F100-X-G2 series | F100-A-G2, F100-C-G2, F100-E-G2, F100-M-G2, F100-S-G2 | No |
F100-WiNet series | F100-A80-WiNet, F100-C80-WiNet, F100-C60-WiNet, F100-C50-WiNet, F100-S80-WiNet, F100-A81-WiNet, F100-A91-WiNet | No |
F100-C-A series | F100-C-A6, F100-C-A5, F100-C-A3, F100-C-A6-WL, F100-C-A5-W, F100-C-A3-W | No |
F100-X-XI series | F100-A-EI, F100-A-HI, F100-A-SI, F100-C-EI, F100-C-HI, F100-C-XI, F100-E-EI, F100-S-HI, F100-S-XI | No |
Configuring the cloud server
For a successful cloud connection establishment, add the serial number of the device to be managed to the cloud server.
Configuring the local device
About this task
You can specify a cloud server by its domain name. To manage the local device, log in to the server through that domain name from a remote PC.
If the local device does not receive a response from the cloud server within three keepalive intervals, the device sends a registration request to re-establish the cloud connection.
To prevent NAT entry aging, the local device sends ping packets to the cloud server periodically.
Restrictions and guidelines
You can specify one primary server by using the cloud-management server domain command and a maximum of eight backup servers by repeating the cloud-management backup-server domain command.
When establishing a cloud connection, the device connects to one of the primary and backup servers according to the sequence in which they are specified. The first specified server has the highest priority. When the connected server fails, the device switches to another server and does not switch back to the original server even if the original server recovers. To view the connected server, execute the display cloud-management state command.
Reduce the ping interval value if the network condition is poor or the NAT entry aging time is short.
When you use the ADWAN server for cloud connections, you must set the password for establishing cloud connections to the ADWAN server.
Prerequisites
Before configuring this feature, make sure a DNS server is configured to translate domain names.
Procedure
1. Enter system view.
system-view
2. Specify the primary cloud server by its domain name.
cloud-management server domain domain-name [ vpn-instance vpn-instance-name ] [ source-ip ipv4-address ]
By default, the cloud server uses domain name ops.seccloud.h3c.com.
3. (Optional.) Specify a backup cloud server by its domain name.
cloud-management backup-server domain domain-name [ vpn-instance vpn-instance-name ] [ source-ip ipv4-address ]
By default, no backup cloud server is specified.
4. (Optional.) Set the keepalive interval.
cloud-management keepalive interval
By default, the keepalive interval is 180 seconds.
5. (Optional.) Set the ping interval.
cloud-management ping interval
By default, the ping interval is 60 seconds.
6. (Optional.) Specify the TCP port number used to establish cloud connections.
cloud-management server port port-number
By default, TCP port number 19443 is used to establish cloud connections.
7. (Optional.) Set the password for establishing cloud connections to the ADWAN server.
cloud-management server password { cipher | simple } string
By default, no password is set for establishing cloud connections to the ADWAN server.
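The following Python sketch is an added example, not H3C code. It audits a provisioning snippet written in the command syntax above against the defaults and limits this section states. The function name, the `mgmt.example.net` domain, the NAT aging value and the approved-domain list are assumptions; `simple` is flagged because that keyword means the password was entered in plaintext in the command source.

```python
import re

DEFAULTS = {"keepalive": 180, "ping": 60, "port": 19443}  # defaults stated on this page
DEFAULT_DOMAIN = "ops.seccloud.h3c.com"                   # default server stated on this page

def audit_cloud_management(commands, approved_domains, nat_aging_s):
    """Return (effective settings, findings) for a list of cloud-management commands."""
    cfg, findings = dict(DEFAULTS, servers=[]), []
    for line in (l.strip() for l in commands.splitlines()):
        m = re.match(r"cloud-management (server|backup-server) domain (\S+)", line)
        if m:
            cfg["servers"].append((m.group(1), m.group(2).lower()))
            continue
        m = re.match(r"cloud-management (keepalive|ping|server port) (\d+)$", line)
        if m:
            cfg[m.group(1).split()[-1]] = int(m.group(2))
            continue
        if re.match(r"cloud-management server password simple\b", line):
            findings.append("password supplied with the 'simple' keyword")
    if not any(role == "server" for role, _ in cfg["servers"]):
        cfg["servers"].insert(0, ("server", DEFAULT_DOMAIN))  # no primary set: default applies
    for role, domain in cfg["servers"]:
        if domain not in approved_domains:
            findings.append(f"{role} domain not approved: {domain}")
    backups = sum(role == "backup-server" for role, _ in cfg["servers"])
    if backups > 8:  # page: at most eight backup servers
        findings.append(f"{backups} backup servers listed, limit is 8")
    if cfg["ping"] >= nat_aging_s:  # pings must arrive before the NAT entry ages out
        findings.append(f"ping interval {cfg['ping']}s >= NAT aging time {nat_aging_s}s")
    # Page: the device re-registers after three keepalive intervals without a response.
    cfg["reregister_after_s"] = 3 * cfg["keepalive"]
    return cfg, findings

# Constructed sample input, not taken from a real device.
SAMPLE = """\
cloud-management server domain ops.seccloud.h3c.com
cloud-management backup-server domain mgmt.example.net
cloud-management keepalive 60
cloud-management ping 120
cloud-management server password simple CONSTRUCTED-PLACEHOLDER
"""

if __name__ == "__main__":
    settings, issues = audit_cloud_management(SAMPLE, {DEFAULT_DOMAIN}, nat_aging_s=90)
    print(settings["reregister_after_s"], *issues, sep="\n")
```

An empty input still resolves to the default server domain, so a device with no cloud-management commands is audited against the same approved list.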
Unbinding the device from the cloud server
About this task
A device can be registered on the cloud server by only one user.
To register a device that has been registered by another user, you need to take the following steps:
1. Obtain a verification code for device unbinding from the cloud server.
2. Execute the command on the device for sending the verification code to the cloud server.
3. Register the device on the cloud server.
Procedure
1. Enter system view.
system-view
2. Send the verification code for device unbinding to the cloud server.
cloud-management unbinding-code code
Display and maintenance commands for cloud connections
Execute display commands in any view.
Task | Command |
---|---|
Display cloud connection state information. | display cloud-management state |
Cloud connection configuration examples
Example: Configuring a cloud connection
Network configuration
As shown in Figure 2, configure the device to establish a cloud connection with the cloud O&M platform.
Procedure
1. Configure IP addresses for interfaces, routes, security domains, and security policies. (Details not shown.)
2. Log in to the cloud O&M platform to add the serial number of the device to the platform. (Details not shown.)
3. Configure the domain name of the cloud O&M platform as ops.seccloud.h3c.com on the device.
<Device> system-view
[Device] cloud-management server domain ops.seccloud.h3c.com
NOTE: Make sure a DNS server is configured to translate the domain name of the cloud O&M platform.
Verifying the configuration
# Verify that the device and the cloud O&M platform have established a cloud connection.
[Device] display cloud-management state
Cloud connection state : Established
Device state : Request_success
Cloud server address : 10.1.1.1
Cloud server domain name : ops.seccloud.h3c.com
Cloud connection mode : Https
Cloud server port : 19443
Connected at : Wed Jan 27 14:18:40 2018
Duration : 00d 00h 02m 01s
Process state : Message received
Failure reason : N/A
Last down reason : socket connection error (Details:N/A)
Last down at : Wed Jan 27 13:18:40 2018
Last report failure reason : N/A
Last report failure at : N/A
Dropped packets after reaching buffer limit : 0
Total dropped packets : 1
Last report incomplete reason : N/A
Last report incomplete at : N/A
Buffer full count : 0
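For fleet monitoring, the output above can be checked automatically. The following Python sketch is an added example, not H3C code. It parses the `display cloud-management state` fields shown on this page and reports a connection that is down, is on a backup or unexpected server, uses an unexpected port, or reconnected recently. The function names and the 10-minute reconnect threshold are assumptions.

```python
import re
from datetime import timedelta

# Lines copied from the sample output on this page.
SAMPLE = """\
Cloud connection state : Established
Cloud server domain name : ops.seccloud.h3c.com
Cloud server port : 19443
Duration : 00d 00h 02m 01s
Failure reason : N/A
Last down reason : socket connection error (Details:N/A)
Last down at : Wed Jan 27 13:18:40 2018
"""

def parse_state(output):
    """Split each line on the first ' : ' so values containing colons stay intact."""
    fields = {}
    for line in output.splitlines():
        key, sep, value = line.partition(" : ")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def uptime(fields):
    """Convert the 'Duration' field (00d 00h 02m 01s) to a timedelta, or None."""
    m = re.fullmatch(r"(\d+)d (\d+)h (\d+)m (\d+)s", fields.get("Duration", ""))
    if not m:
        return None
    d, h, mi, s = map(int, m.groups())
    return timedelta(days=d, hours=h, minutes=mi, seconds=s)

def review_state(output, primary, backups=(), port=19443, min_uptime=timedelta(minutes=10)):
    """Return findings; min_uptime is an assumed flap threshold, tune it locally."""
    f, findings = parse_state(output), []
    domain = f.get("Cloud server domain name", "").lower()
    if f.get("Cloud connection state") != "Established":
        findings.append("not established, failure reason: " + f.get("Failure reason", "?"))
    if domain in backups:
        findings.append(f"on backup server {domain}; device will not switch back to {primary}")
    elif domain != primary:
        findings.append(f"connected to unexpected server {domain!r}")
    if f.get("Cloud server port") != str(port):
        findings.append("unexpected port " + f.get("Cloud server port", "?"))
    up = uptime(f)
    if up is not None and up < min_uptime and f.get("Last down at", "N/A") != "N/A":
        findings.append("recent reconnect, last down reason: " + f.get("Last down reason", "?"))
    return findings
```

Run against the page's own sample with `primary="ops.seccloud.h3c.com"`, the only finding is the recent reconnect after the socket connection error.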