Built on a cutting-edge cloud-native architecture, H3C AD-NET solution can provide unified network control, orchestration, and management not only in a single scenario and but also across multiple scenarios including campus, data center, and WAN scenarios. The solution is powered by fine-grained data collection through SeerAnalyzer-Campus, along with AI-assisted big data analytics, driving AIOps capabilities in campus networks. It transforms the conventional Campus network into a SDN (software-defined networking) Campus. The solution converts campus networks from "users adapt to network" to "network adapt to users", enabling users to seamlessly travel within a campus and cross multiple campuses without needing to adjust network settings, ensuring an uninterrupted and consistent experience. By simplifying network deployment and maintenance, AD-Campus not only meets the growing demands of AI, mobility, and IoT but also provides a future-proof solution for today’s fast-evolving digital landscape.

In a traditional campus network, the IP address of a client changes as the client location changes. If a client roams to another location in the same campus network, its IP address, applicable network policies, and applicable security policies also change. This requires complex network planning, configuration, and tests.
With Uniform UX 1.0 (User Experience), the AD-Campus network separates network services from physical devices to decouple physical network and virtual network. It enables clients' resources (address, security, and isolated channel resources), network policies, and security policies to be retained after roaming, simplifying network maintenance and improving efficiency.

Based on Uniform UX 1.0, Uniform UX 2.0 introduces micro-segmentation and enables network decoupling, which can help users to upgrade networks to SDN networks with few changes on the live network.

Location decoupling
In traditional campus network solutions, services are tightly coupled with locations. Once the service location changes, the network needs to be adjusted. With services decoupled from the location, AD-Campus allows endpoints to move freely within the campus with stable services for which the network administrators do not need to perform any operations. This makes AD-Campus easy to use, flexible, and adaptable to the organization's changing network requirements. Also included in the location decoupling is the ability of AD-Campus to manage devices from multiple locations as well as the location of the AD-Campus platform that may span to multiple campuses.
Network decoupling
AD-Campus uses micro-segmentation to decouple roles from the network. All policies are deployed based on roles and role permissions are further classified, enabling role-based policy enforcement across campuses. This also enables service decoupling from networks and service isolation. Micro-segmentation assigns different permissions to users at the same location and allows a user to move around with the same permissions, IP address, and services.

One-click service deployment
AD-Campus provides default and allows customization of user policy templates. To deploy a service, you only need to drag and drop the policy template into the two-dimensional matrix. The service will then be deployed automatically without requiring you to execute any commands.
Role-based user behavior audit
In traditional campus networks, user behaviors are typically audited based on user's IP address. However, because user's address changes constantly when the user moves, it is difficult to audit the user based on the IP address. By implementing uniformed network settings across the network, AD-Campus binds the IP address to the user. No matter where the user moves, the IP address remains unchanged, enabling direct audit of users. AD-Campus is equipped to secure access control and data encryption to protect against unauthorized access and data breaches.
AD-Campus offers end-to-end, network-wide automation capabilities for campus networks to address various automation deployment requirements such as new construction, renovation, expansion, and fault replacement.
AD-Campus decouples configuration from devices, classifies devices across the network into four roles, and creates a configuration template for each device role. It enables automated device onboarding, automated service deployment, and automated faulty module replacement to provide ease of deployment, ease of scalability and rapid recovery from a failure. It also utilizes APIs for the automation and orchestration of network devices and services.

Automated device onboarding
AD-Campus’s comprehensive automation capability helps build both Ipv4 & Ipv6 campus network in the most effective way. AD-Campus classifies network-wide devices into four roles: spine, AGGR, leaf, and access, and uses the same configuration file for devices of the same role. It provides a configuration wizard which will guide you to create a configuration file without any command execution. It enables devices to load the configuration file automatically after they are powered on, greatly improving network deployment efficiency. OpenFlow, NETCONF, RESTCONF and SNMP protocols are used for flexibility in network design and ensuring compatibility with a wide range of SDN-enabled devices.

Automated service deployment
Focusing on user services, AD-Campus orchestrates and allocates network resources flexibly to enable uniform network settings and enforcement of policies across the network. It abstracts the network to shield the underlying complexity and enables simple and efficient configuration and management at the upper layer. It defines main network virtual objects so users can easily and flexibly construct their business systems simply by dragging and dropping virtual objects.

Automated faulty module replacement
After devices are powered on, the system identifies the newly added devices (including new devices that replace the faulty devices) automatically, deploys configurations to the devices based on their roles, and then incorporates them. With a precise replacement workflow, the system can restore the existing configuration of the replaced devices completely on new devices.

As IoT endpoints on campus networks grow exponentially in type and number, AD-Campus uses the intelligent IoT solution to enable fast and safe onboarding of IoT endpoints. When IoT endpoints start up, the intelligent IoT solution immediately identifies and onboards them and then automatically places them into isolated network groups. In addition, this solution provides a flexible authentication policy. It can perform precise MAC-based authentication for endpoints with known MAC addresses and also allows fast onboarding of endpoints with unknown MAC addresses by using the authentication-free scheme.

AD-Campus also incorporates H3C Endpoint Admission Defense (EAD) solution to proactively defend against security threats from end terminals and devices. AD-Campus can enforce security check policies, including untimely upgrade of system patches, virus definitions, use of private proxy servers, illegal external network access, and misuse of prohibited software, to identify potential security threats and respond quickly to block unauthorized network access.
AD-Campus solution provides unified management from multiple dimensions and can solve the issues existing in traditional campuses from multiple dimensions. AD-Campus dashboard is a single-pane-of-glass interface with a topology map that can provide network details such as health status, events, alarms, and other relevant information. This interface is centralized management and control of the network with a user-friendly interface for configuration, monitoring, and management of network devices, policies, and services. The topology map provides a traffic map that visualizes network utilization and bandwidth across all links including all the protocols used through the network and from the specific devices in real time. AD-Campus is equipped with centralized control plane that provides a unified view of the network topology and enable policy-based network management.

Unified management across multiple scenarios
AD-Campus can provide unified network control, orchestration, and management across multiple scenarios including the campus, data center, and WAN scenarios from one single management platform.
Unified management across multiple campuses
With the H3C multi-fabric solution, AD-Campus achieves unified management and control across multiple campuses and simplifies O&M. The multi-fabric solution can not only enable automated network deployment, unified policy configuration, and uniform policy enforcement across campuses, greatly reducing campus O&M complexity, but also enable local authentication, local forwarding, and regional autonomy to reduce inter-campus communication complexity and enable unchanged permissions for employees travelling across campuses. Hierarchical deployment can ensure high availability and fault tolerance to ensure continuous operation of the network even in the presence of hardware failures or software issues.
Network and security integration
AD-Campus supports integration of Network devices and Security firewalls, enables orchestration of network and security from the global perspective.
Unified management of wired and wireless services
At the management level, AD-Campus uses one set of management systems and provides unified topology display, unified authentication, and unified user group division for wired and wireless services. At the policy level, wireless data forwarding is completely moved from the AC to the switch. The service policies defined through the policy matrix are completely applicable to both wired and wireless traffic, and you are not required to define inter-group policies separately for wireless traffic so as to achieve unified wired and wireless policies.
Integration of PON
The support of PON (EPON and GPON) scenarios in AD-Campus, achieving unified management and O&M of wired/wireless/PON networks. It can not only make use of the advantages of AD-Campus control components and intelligent analysis components, but also fully utilize the advantages of PON technology such as simple operation and maintenance, high reliability, and low cost. It can meet the flexible access needs of various customers in the campus network and effectively reduce the cost and difficulty of deploying and operating the network.
Employing SeerAnalyzer-Campus in combination with telemetry technologies, AD-Campus brings visibility into the network status in real time. Assisted with big data analysis and AI learning algorithms, AD-Campus provides trend prediction and fast fault location, which greatly improves O&M efficiency and enables network administrators to focus more on services rather than complicated O&M workload.

All-round data acquisition
· With the distributed deployment architecture, SeerAnalyzer-Campus can expand data collection flexibly. The data analysis platform meets data collection needs of networks of any size.
· Incorporating second-level data collection capacity of gRPC Telemetry, SeerAnalyzer-Campus provides visibility to the network operating status in real time.
· SeerAnalyzer-Campus can collect network performance data for user access through Telemetry and playbacks the process with the data as needed.
· In addition to traditional network management data collection protocols, SeerAnalyzer-Campus supports varieties of advanced data collection technologies, allowing comprehensive or specific data collection as needed.
Big data-powered
· SeerAnalyzer-Campus uses big data technologies to implement massive data collection and distributed storage calculation that provides real-time visibility into network operating status and enables refined operation and maintenance.
· Relying on big data technologies, SeerAnalyzer-Campus can trackback historical network running state, which is helpful for locating faults and implementing operation and maintenance tasks such as performance analytics and behavior audit.
AI analytics
· Using distributed computing engines as well as AI algorithms, SeerAnalyzer-Campus can provide data analytics online and offline, to meet intelligent O&M analytics requirements in any scenarios.
· SeerAnalyzer-Campus enables visibility into the entire network status by all-round collection and analytics of data including network device status data, protocol message data, traffic forwarding data, user access data, and log data. Assisted with machine learning (ML) algorithms and the expert system, SeerAnalyzer-Campus can detect network faults in real time, locate fault causes intelligently, and guide administrators to fix issues.
· SeerAnalyzer-Campus can evaluate the quality of networks, user experiences, and applications based on AI analytics of massive data, and enhance network optimization and assurance.
· High-performance data acquisition, real-time expertise system, and AI algorithm calculation enable fault isolation environment verification, fault detection, impact verification, and isolated push for analytics.
· Through continuous AI analytics on historical network data, SeerAnalyzer-Campus can predict network faults and performance bottlenecks, and guide O&M personnel to intervene and plan in advance.
Collaborative analytics of network and service data
· SeerAnalyzer-Campus provides visibility into overall network health status through collaborative analysis of network device status data and network performance data. By utilizing QoS policies, AD-Campus can ensure that critical applications receive the necessary bandwidth, latency, and packet loss guarantees and to prevent congestion or performance degradation in the network.
· Provides full visibility into analytics on the operating status, faults, and risks of devices in the system plane, control plane, and data forwarding plane based on comprehensive, precise, and real-time metrics about the network devices.
· Collects network performance data throughout the network access process of users and conducts group analysis based on massive user data, to gain an insight into the network quality and identify network issues.
