Process of Implementing Cloud-based Management on Switches
In the Huawei Cloud Managed Network Solution, there are three phases from managed switch deployment to unified device management on the cloud management platform.
Phase 1: Switches Change Their Management Mode and Obtain the Cloud Management Platform's Address Information
This phase is the preparation phase in cloud-based management. Switches must first change from the traditional management mode to the cloud-based management mode, and then obtain the cloud management platform's URL/IP address and port number. After that, the switches are ready to communicate with the cloud management platform. Three methods are available for switches to obtain the management mode and the cloud management platform's address information, as described in Table 5-1.
Method | Description | Scenario | Priority |
---|---|---|---|
Through a DHCP server | Option 148 is configured on a DHCP server to contain the device management mode and cloud management platform's address information. Switches obtain the information through the DHCP server. | This method applies to the cloud managed networks on which devices cannot communicate with the Huawei device registration query center. The cloud management platforms of these networks are often built by enterprises. | High priority. This method is preferred if switches can use multiple methods to obtain the switch management mode and cloud management platform's address information. |
Through the registration query center | Switches use the Huawei device registration query center's URL and port number that are preconfigured or obtained through a software upgrade to access the registration query center and then obtain the device management mode and cloud management platform's address information based on their ESNs. | This method applies to the cloud managed networks on which devices can communicate with the Huawei device registration query center. The cloud management platforms of these networks can be the Huawei public cloud management platform or other cloud management platforms, such as MSP-built (including enterprise-built) cloud management platforms. | Low priority |
Using commands or the web system | Users manually configure the cloud management platform's address information on switches based on the learned cloud management platform information. | If switches cannot automatically change to the cloud-based management mode and dynamically obtain the cloud management platform's address information using the preceding two methods, manually configure the cloud management platform's address information on switches through commands or the web system. | Medium priority |
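The following is an added example, not Huawei code or part of the original documentation. It applies the priority order from Table 5-1 to an inventory of what each switch learned from each method, and reports switches whose effective cloud management platform address is not on an approved list or whose lower-priority setting is overridden. The record fields, method labels, ESNs, addresses, and port are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Priority per Table 5-1: DHCP (high) > commands/web (medium) > query center (low).
PRIORITY = {"dhcp": 3, "manual": 2, "query_center": 1}

@dataclass(frozen=True)
class Learned:
    method: str   # hypothetical labels: "dhcp", "manual", "query_center"
    address: str  # URL or IP address of the cloud management platform
    port: int

def effective(learned):
    """Return the entry that wins under the Table 5-1 priority, or None."""
    known = [e for e in learned if e.method in PRIORITY]
    return max(known, key=lambda e: PRIORITY[e.method], default=None)

def audit(inventory, approved):
    """inventory: ESN -> list of Learned; approved: set of (address, port).
    Returns (esn, finding) tuples for switches that need attention."""
    findings = []
    for esn, learned in sorted(inventory.items()):
        win = effective(learned)
        if win is None:
            findings.append((esn, "no platform address learned"))
            continue
        if (win.address, win.port) not in approved:
            findings.append((esn, f"{win.method} supplies unapproved {win.address}:{win.port}"))
        # A lower-priority source that disagrees is silently overridden; report it.
        for e in learned:
            if e.method in PRIORITY and (e.address, e.port) != (win.address, win.port):
                findings.append((esn, f"{e.method} value {e.address}:{e.port} overridden by {win.method}"))
    return findings

# Constructed sample data: placeholder ESNs, documentation addresses, made-up port.
APPROVED = {("cloud.example.com", 8443)}
SAMPLE_INVENTORY = {
    "ESN-EXAMPLE-0001": [Learned("query_center", "cloud.example.com", 8443)],
    "ESN-EXAMPLE-0002": [Learned("manual", "cloud.example.com", 8443),
                         Learned("dhcp", "192.0.2.50", 8443)],
    "ESN-EXAMPLE-0003": [],
}

if __name__ == "__main__":
    for esn, finding in audit(SAMPLE_INVENTORY, APPROVED):
        print(esn, "-", finding)
```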
Phase 2: Switches Register with the Cloud Management Platform for Authentication
Switches obtain the cloud management platform's IP address or URL, register with the cloud management platform for authentication, and establish a NETCONF transmission channel. NETCONF transmission channels are established over the Secure Shell (SSH) protocol to ensure data transmission security. Therefore, the registration authentication process of switches is SSH-based certificate authentication. Before the authentication, the cloud management platform needs to import the ESN, device type, and CA certificate of each switch. Each switch has a local certificate and CA certificate configured before delivery.
For details about registration authentication on switches, see PKI Configuration in the S2720, S5700, and S6720 V200R013C00 Configuration Guide - Security Configuration.
- If a user redirects the cloud management platform's IP address on the controller of the cloud management platform, the switch immediately uses the redirect IP address to register with the cloud management platform again.
- If a user reconfigures a management VLAN on the controller of the cloud management platform, the switch immediately uses this management VLAN to send a request to a DHCP server to obtain the cloud management platform's new address information and registers with the cloud management platform for authentication.
Phase 3: Switches Are Managed in a Unified Manner by the Cloud Management Platform
After a NETCONF transmission channel is established, the cloud management platform can manage and operate the switches. All the data exchanged between the cloud management platform and switches will be encrypted.
For details about how the cloud management platform manages switches, see the documentation of Huawei Cloud Managed Solution.