Configuration Guide - Device Management

S1720, S2700, S5700, and S6720 V200R011C10

This document describes the principles and configurations of the Device Management features, and provides configuration examples of these features.

Understanding Cloud-based Management

Basic Concepts

  • Cloud management platform: a core component of the Huawei Cloud Managed Network Solution. It centrally manages Huawei network devices such as access points (APs), access routers (ARs), switches, and firewalls. The cloud management platform provides unified multi-tenant management, plug-and-play network devices, and batch network service deployment, and exposes application programming interfaces (APIs) for interoperating with third-party platforms to expand value-added services.

  • NETCONF: an XML-based network management protocol. In the Huawei Cloud Managed Network Solution, the cloud management platform uses NETCONF to manage Huawei network devices. NETCONF provides a programmable method to configure and manage network devices. It was defined in RFC 4741 by the Internet Engineering Task Force (IETF) and revised in RFC 6241. NETCONF-enabled network devices provide standard APIs that application developers can use to develop customized network management software on third-party software. This network management software facilitates network device management.

  • Registration center: a main component of the Huawei Cloud Managed Network Solution. Devices query it for their device management mode and their home cloud management platform. Based on the query result, a device determines whether to change to the cloud-based management mode and which cloud management platform it must register with.

  • Cloud-based management mode: the device management mode of switches in the cloud-based management state. Switches work in traditional management mode by default. To implement unified management through the cloud management platform, you must first change switches to the cloud-based management mode.

Process of Implementing Cloud-based Management on Switches

In the Huawei Cloud Managed Network Solution, there are three phases from managed switch deployment to unified device management on the cloud management platform.

  1. Switches change their management mode and obtain the cloud management platform's address information.

    This phase is the preparation phase in cloud-based management. Switches must first change from the traditional management mode to cloud-based management mode, and then obtain the cloud management platform's URL/IP address and port number. Now these switches are ready to communicate with the cloud management platform. Three methods are available to obtain the switch management mode and cloud management platform's address information, as described in Table 11-1.

    Table 11-1  Methods to obtain the switch management mode and cloud management platform's address information

    | Method | Description | Scenario | Priority |
    | --- | --- | --- | --- |
    | Through a DHCP server | Option 148 is configured on a DHCP server to carry the device management mode and cloud management platform's IP address. Switches obtain the information through the DHCP server. | This method applies to the cloud managed networks on which devices cannot communicate with the Huawei device registration query center. The cloud management platforms of these networks are often built by enterprises. | High priority. This method is preferred if switches can use multiple methods to obtain the switch management mode and cloud management platform's address information. |
    | Through the registration center | Switches use the Huawei device registration query center's URL and port number that are preconfigured or obtained through a software upgrade to access the registration center and then obtain the device management mode and cloud management platform's address information based on their ESNs. | This method applies to the cloud managed networks on which devices can communicate with the Huawei device registration query center. The cloud management platforms of these networks can be the Huawei public cloud management platform or other cloud management platforms, such as MSP-built (including enterprise-built) cloud management platforms. | Low priority |
    | Using commands or web system | Users manually configure the cloud management platform's address information on switches based on the learned cloud management platform information. | If switches cannot automatically change to the cloud-based management mode and dynamically obtain the cloud management platform's address information using the preceding two methods, manually configure the cloud management platform's address information on switches. | Medium priority |

  2. Switches register with the cloud management platform for authentication.

    Switches obtain the cloud management platform's IP address or URL, register with the cloud management platform for authentication, and establish a NETCONF transmission channel. NETCONF transmission channels are established over the Secure Shell (SSH) protocol to ensure data transmission security. Therefore, the registration authentication process of switches is SSH-based certificate authentication. Before the authentication, the cloud management platform needs to import the ESN, device type, and CA certificate of each switch. Each switch has a local certificate and CA certificate configured before delivery.

    For details about registration authentication on switches, see "PKI Configuration" in the S1720, S2700, S5700, and S6720 V200R011C10 Configuration Guide - Security Configuration.

    NOTE:

    If a user redirects the cloud management platform's IP address on the controller of the cloud management platform after a switch has registered with the platform for authentication, the switch immediately registers with the cloud management platform again using the redirect IP address.

  3. Switches are managed in a unified manner by the cloud management platform.

    After a NETCONF transmission channel is established, the cloud management platform can manage and operate the switches. All the data exchanged between the cloud management platform and switches will be encrypted.

    For details on how the cloud management platform manages switches, see the documentation of the Huawei Cloud Managed Network Solution.

How to Change the Device Management Mode and Obtain the Cloud Management Platform's Address Information Through a DHCP Server

In the Huawei Cloud Managed Network Solution, DHCP can implement plug-and-play deployment of switches, removing the need to manually change the switch management mode and configure the cloud management platform's address information. In Figure 11-1, the administrator needs to deploy the DHCP server function on the network egress gateway or deploy an independent DHCP server on the network, and then configure DHCP Option 148, including the cloud-based management mode and cloud management platform's IP address/URL and port number. After a switch connects to the network, it initiates a request to the DHCP server to change its management mode and obtain the cloud management platform's address information. After the DHCP server receives the request, it replies with a DHCP packet carrying Option 148. The switch receives this DHCP packet, changes from the traditional management mode to the cloud-based management mode, and restarts. After the switch restarts, all its configurations are cleared. Therefore, the switch needs to send a DHCP request again to obtain the cloud management platform's address information. The DHCP server then sends a DHCP packet carrying Option 148 to the switch again. The switch obtains the cloud management platform's IP address/URL and port number and registers with the cloud management platform for authentication.

In step 6 of Figure 11-1, the switch's management IP address can also be obtained.

Figure 11-1  Changing the device management mode and obtaining the cloud management platform's address information through a DHCP server
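
Because a DHCP reply carrying Option 148 makes a switch change its management mode, restart, and clear its configuration, it is worth checking which DHCP servers on a segment send that option and with what value. The following is an added example, not part of the original guide or Huawei code: it decodes the standard code/length/value DHCP options field and reports replies whose Option 148 comes from a server outside an approved list or differs from the approved value. The guide does not give the syntax of the Option 148 value, so it is treated as opaque bytes; the addresses, the placeholder value, and the function names are assumptions constructed for the example.

```python
import ipaddress

OPT_PAD, OPT_SERVER_ID, OPT_CLOUD_MGMT, OPT_END = 0, 54, 148, 255

def parse_dhcp_options(raw: bytes) -> dict[int, bytes]:
    """Decode the code/length/value options that follow the DHCP magic cookie."""
    opts, i = {}, 0
    while i < len(raw):
        code = raw[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:              # single-byte padding, no length field
            i += 1
            continue
        if i + 1 >= len(raw) or i + 2 + raw[i + 1] > len(raw):
            raise ValueError(f"option {code} is truncated")
        length = raw[i + 1]
        # Repeated instances of one option are concatenated (RFC 3396).
        opts[code] = opts.get(code, b"") + raw[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def audit_reply(raw: bytes, allowed_servers: set[str], expected_148: bytes) -> list[str]:
    """Return findings for one DHCP reply; an empty list means nothing to report."""
    try:
        opts = parse_dhcp_options(raw)
    except ValueError as exc:
        return [f"malformed options: {exc}"]
    if OPT_CLOUD_MGMT not in opts:
        return []                        # reply does not carry Option 148
    findings = []
    sid = opts.get(OPT_SERVER_ID, b"")   # option 54: DHCP server identifier
    server = str(ipaddress.IPv4Address(sid)) if len(sid) == 4 else "unknown"
    if server not in allowed_servers:
        findings.append(f"Option 148 sent by unapproved DHCP server {server}")
    if opts[OPT_CLOUD_MGMT] != expected_148:
        findings.append(f"Option 148 differs from approved value: {opts[OPT_CLOUD_MGMT]!r}")
    return findings

def opt(code: int, value: bytes) -> bytes:
    """Encode one option (helper for building the constructed samples)."""
    return bytes([code, len(value)]) + value

# Constructed sample data: documentation addresses, placeholder Option 148 values.
APPROVED_148 = b"<approved-option-148-value>"
ALLOWED = {"192.0.2.1"}
good = opt(54, bytes([192, 0, 2, 1])) + opt(148, APPROVED_148) + b"\xff"
other = b"\x00" + opt(54, bytes([192, 0, 2, 66])) + opt(148, b"<other-value>") + b"\xff"
plain = opt(54, bytes([192, 0, 2, 66])) + b"\xff"

if __name__ == "__main__":
    for name, pkt in (("good", good), ("other", other), ("plain", plain)):
        print(name, audit_reply(pkt, ALLOWED, APPROVED_148))
```

Feed `audit_reply` the options field of each DHCP OFFER/ACK seen on the management VLAN, with the approved server list and the exact Option 148 value configured on the sanctioned DHCP server.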

How to Change the Device Management Mode and Obtain the Cloud Management Platform's Address Information Through the Registration Center

In addition to using DHCP, switches can change their device management mode and obtain the cloud management platform's address information through the registration center. In the network shown in Figure 11-2, the cloud management platform needs to establish an HTTP2.0 connection with the registration center and synchronize information about the devices to be managed; switches need to establish an HTTP2.0 connection with the registration center, change their device management mode, and obtain the cloud management platform's address information.

Before a switch establishes a connection with the registration center, the switch obtains its management IP address from the DHCP server. The egress gateway shown in Figure 11-2 can also function as a DHCP server.

Figure 11-2  Cloud managed network including the registration center

The cloud management platform establishes an HTTP2.0 connection with the registration center.

In Figure 11-3, administrators import new device information, including the ESN and device type, into the cloud management platform, and then the cloud management platform initiates an HTTP request to the Huawei device registration query center to upload the information. After the Huawei device registration query center receives the request, it performs bidirectional authentication and establishes an HTTP2.0 connection with the cloud management platform. After the HTTP2.0 connection is established, the cloud management platform uploads the new devices' ESNs and the cloud management platform's address information to the Huawei device registration query center.

Figure 11-3  Cloud management platform establishing an HTTP2.0 connection with the registration center

Switches establish an HTTP2.0 connection with the registration center.

Recently delivered switches that support cloud-based management have the Huawei device registration query center's URL (register.naas.huawei.com) and port number (10020) preconfigured. Switches that were delivered earlier and support cloud-based management do not have this URL and port number preconfigured, but can be upgraded to the latest software version to obtain these default settings. In Figure 11-4, after a switch connects to the network, it initiates an HTTP request to the registration center. The switch and registration center then establish an HTTP2.0 connection for bidirectional authentication. After the connection is established, the switch sends a request packet carrying its ESN to the registration center. The registration center receives the request packet, finds the corresponding ESN in the system, and sends a response packet carrying cloud management mode information to the switch. Based on the information carried in the response packet, the switch changes from the traditional management mode to the cloud-based management mode and restarts. After the restart, the switch sends an HTTP request again and then establishes an HTTP2.0 connection with the registration center for bidirectional authentication. The switch obtains the cloud management platform's address information based on its ESN to register with the cloud management platform for authentication.

Figure 11-4  Switches establishing an HTTP2.0 connection with the registration center
Updated: 2019-09-23

Document ID: EDOC1000178167
