No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


CloudEC V600R019C00 Security Maintenance (Enterprise On-premises, Only Conference)

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Overall Security Inspection

Overall Security Inspection

The CloudEC on-premises conference-only solution is an IP-based application. All components have IP interfaces and connect to basic IP network devices (such as switches, routers, and firewalls). The IP network security has a great impact on the CloudEC on-premises conference-only solution security. You must consider the IP network security when designing the network and maintain the IP network security after deploying the CloudEC on-premises conference-only solution.

Many factors affect the network design and security maintenance, for example, the industry security requirement, network scale, network access mode, and network application. This topic describes how to maintain the network security for a typical large- and medium-sized enterprise.

Figure 4-1 Security network

The CloudEC on-premises conference-only solution is divided into three zones for different security measures.

  • Untrusted zone

    Mainly refers to the Internet. For the CloudEC on-premises conference-only solution, user requests from this zone are not trusted and need to be filtered by an external firewall.

  • DMZ

    Isolates the enterprises' internal service system from the untrusted zone. Clients such as the TE Desktop and TE Mobile from external networks access the the SBC or SC in the DMZ, and interact with the servers in the core zone through servers in the DMZ.

  • Trusted zone

    Isolated from servers in the DMZ and untrusted zones. External users cannot access the trusted zone. The trusted zone mainly contains employees' office devices and devices in conference rooms. The TE Desktop, TE Mobile, fixed-line phones, telepresence endpoints, terminals, SMC2.0, and MCU provided by the CloudEC on-premises conference-only solution are deployed in this zone.

Updated: 2019-08-07

Document ID: EDOC1100059091

Views: 17976

Downloads: 10

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Previous Next