No relevant resource is found in the selected language.
Enterprise
Worldwide
Search
Support Documentation
CloudCampus Solution V100R019C10 Deployment Guide for Large- and Medium-Sized Campus Networks (Non-virtualization Scenario)
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Initial Configuration

Initial Configuration

Logging In to iMaster NCE-Campus as an MSP Administrator

Context

An MSP administrator can use a web browser to log in to the iMaster NCE-Campus web UI to perform system management and maintenance operations. The following web browsers are supported:

  • Google Chrome 57 or later

Procedure

  1. Open a browser.
  2. Enter https://iMaster NCE-Campus server IP address:port number in the address box, and press Enter.

    • The IP address of the iMaster NCE-Campus server is Northbound management IP specified when you install iMaster NCE-Campus.
    • The port number is 18008. The port number used for the login must be the same as that specified during the installation.
    • The method for logging in to an authentication component is the same as that for logging in to iMaster NCE-Campus.

  3. Ignore the security certificate warning and access the login page.

    When you log in to iMaster NCE-Campus using a browser, the browser performs unidirectional authentication on iMaster NCE-Campus based on the ER certificate. The Huawei ER certificate has been pre-configured during iMaster NCE-Campus installation. This certificate is used only for temporary communication and is not for commercial use. You can apply for a new ER certificate to update the preconfigured ER certificate to improve iMaster NCE-Campus communication security. You are advised to periodically update the certificate to prevent system security risks caused by certificate expiration. After the ER certificate is updated, the message indicating a security certificate error will not be displayed.

    • Google Chrome: Choose Advanced > Proceed to ... (unsafe).

  4. Enter the MSP name and password, and click Login.

    If LDAP is used to authenticate the MSP administrator, the user name for logging in to iMaster NCE-Campus is in the format of MSP administrator name/<LDAP USER NAME>, for example, the MSP account created on iMaster NCE-Campus is msp1@huawei.com, and the user name format is msp1@huawei.com/<LDAP USER NAME>.

  5. (Optional) Upon the first login, change the password and bind the email address as prompted. Skip this step if it is not your first login.

    • For security purposes, do not save your password in the browser.
    • If the system administrator has configured an email server and does not set an email address when creating an MSP administrator, an email address needs to be bound to the MSP administrator account upon MSP's first login.
    • If the system administrator has not configured an email server, no email address needs to be bound to an MSP administrator account upon MSP's first login.
    • When a sub-administrator account created by an MSP administrator logs in to iMaster NCE-Campus for the first time, no email address needs to be bound to the sub-administrator account.

  6. (Optional) Perform two-factor authentication. If a mobile number has been set, click Obtain Verification Code and enter the received verification code. You can log in to iMaster NCE-Campus after the verification succeeds. This step is not required if username and password authentication is selected when the system administrator creates the MSP administrator.
  7. (Optional) Sign the privacy statement.

    After the root MSP administrator has signed the privacy statement, the sub-MSP administrators created by this root MSP administrator need to sign the privacy statement as well when logging in to iMaster NCE-Campus for the first time.

    The login will fail if they do not sign the privacy statement.

Creating a Root Tenant

Context

A Root tenant is responsible for configuring and maintaining services on a tenant network.

Prerequisites

  • The tenant administrator created by the MSP can select the Username/Password or Username/Password + SMS verification code authentication mode. If Username/Password + SMS verification code is configured, you need to configure an SMS server in advance. For details, see Configuring an SMS Server.
  • When the system administrator creates an MSP administrator, the system administrator needs to enter user information such as the email address and mobile number, and creates a privacy statement for the user to sign. The privacy statement notifies the user that the information has been obtained and asks for the user's authorization. For details, see Managing Privacy Statements.

Procedure

  1. Log in to iMaster NCE-Campus as an MSP administrator.
  2. Choose Tenant Management > Tenant Management > Tenant Management.
  3. Click Create to configure tenant information. The tenant name must be different from existing accounts. Set Authorize MSP as required.

    After Authorize MSP is enabled, the Tenant Administrator role is attached to the MSP. In this manner, when the MSP administrator accesses the tenant portal to maintain tenant services, the MSP administrator has the rights of the Tenant Administrator role authorized by the tenant administrator.

    If Username/Password + SMS verification code is selected, enter the service phone number for receiving SMS messages.

    You need to create a privacy statement in advance. For details, see Managing Privacy Statements. Tenant administrators for which a privacy statement has been configured must sign the privacy statement as prompted when they log in to iMaster NCE-Campus. Otherwise, the login will fail.

    If Username/Password + SMS verification code is configured, the SMS verification code must meet the following requirements:

    • The validity period of a verification code is 5 minutes. If the validity period exceeds 5 minutes, you need to obtain a new verification code.
    • You cannot obtain a verification code multiple times within 1 minute. After 1 minute, you can click the verification code button again to resend a verification code SMS message. The previous verification code automatically becomes invalid.
    • The function of obtaining verification codes is locked for 10 minutes after five consecutive attempts.
    • If you enter an incorrect verification code for three consecutive times, the verification code becomes invalid and you need to obtain a new one.

  4. Click Next to configure tenant administrator information.

    For security purposes, keep the password secure and change it periodically.

    • Manually set a password when creating a user account.

      Set Password create mode to Manual. Then you can directly set a password when creating the account. You will be prompted to change the password when logging in to iMaster NCE-Campus for the first time. You can log in only after the password is changed successfully.

    • Create a password via email.

      Set Password create mode to Email. After the account is created, the system sends a URL to your email box. You can click the URL to configure a password for the account.

      • If you choose to create a password via email, configure an email server before creating an account. Otherwise, the system fails to send a URL to the specified email address. For details, see Configuring an Email Server
      • If a password is created via email, you do not need to change the password upon the first login to iMaster NCE-Campus.

  5. Click OK.

Follow-up Procedure

Table 6-14 Related operations of configuring tenant administrators

Operation

Procedure

Modifying information about a tenant administrator

Click in the Operation column to modify information about a tenant administrator.

Deleting a tenant administrator

Click in the Operation column to delete a tenant administrator.

NOTE:

After you delete a tenant, all existing data about this tenant including the tenant name, tenant administrator account, site, and tenant devices will be automatically deleted from iMaster NCE-Campus.

Viewing the privacy statement signed by a tenant administrator

If a tenant administrator has signed the privacy statement, click in the Operation column to view the time when the privacy statement is signed, and the name, version, and content of the privacy statement.

Parameter Description

Table 6-15 Tenant and tenant administrator

Parameter

Description

Tenant Information

Tenant name

Tenant name. The tenant's company name is recommended.

Number of administrator accounts

Maximum number of administrator accounts of the tenant.

Workgroup quantity

Maximum number of workgroup quantity of the tenant.

Address

Postal address of a tenant administrator, which is provided for easy contact by the system administrator.

Service mailbox

Email address of a tenant administrator, which provides easy contact with the tenant administrator. The email address must be correct.

Service phone number

Phone number of a tenant administrator, which provides easy contact with the tenant administrator. The phone number must be correct.

Login authentication mode

Select the authentication mode upon the login of the tenant administrator:

Username/Password: A tenant administrator only needs to enter the username and password to log in to the system. After the username and password are verified, the login is successful.

Username/Password + SMS verification code: When a tenant administrator logs in to the system and enters the username and password, the SMS verification page is displayed after the username and password are verified. The login is successful only after the SMS verification is successful.

Administrator Information

Account

Account used by a tenant administrator to log in to iMaster NCE-Campus. The account must be in the format of an email address, for example, xxx@xxx.com. You are advised to ask for an account from the tenant or apply for a valid email address and assign this email address to the tenant administrator.

Password create mode

Mode in which a password is created. The options are Manual and Email.

Password

Initial password used by a tenant administrator to log in to iMaster NCE-Campus for the first time. The initial password must be changed upon the first login.

Confirm password

Confirm password, which must be identical to that of Password.

Email

Email address used for password retrieval, message pushing, and other purposes. If this parameter is left empty, the account is used as the default email address. The email address must be valid.

Mobile Number

Used for two-factor authentication.

NOTE:

This parameter is configurable only when the authentication mode is set to Username/Password + SMS verification code.

Area

Country or area to which a tenant administrator belongs.

Managing Licenses

Table 6-16 License mode

License Mode

License Redistribution

Application Scenario

Role

Operation

Global permanent

Not supported

On-premises scenario

System administrator

Import license files of iMaster NCE-Campus and iMaster NCE-CampusInsight.

MSP administrator

View the license information.

Tenant administrator

View the license information.

Global subscription

Disabled

MSP-owned cloud scenario (MSP administrators do not need to centrally manage licenses.)

System administrator
  1. Select Global Subscription License and set License Redistribution to No upon the first login to iMaster NCE-Campus.
  2. Import license files of iMaster NCE-Campus and iMaster NCE-CampusInsight.

MSP administrator

N/A

Tenant administrator

N/A

Enabled

MSP-owned cloud scenario (MSP administrators need to centrally manage licenses.)

System administrator
  1. Select Global Subscription License and set License Redistribution to Yes upon the first login to iMaster NCE-Campus.
  2. Import license files of iMaster NCE-Campus and iMaster NCE-CampusInsight.
  3. Configure license packages of iMaster NCE-Campus and iMaster NCE-CampusInsight, and allocate them to MSP administrators.

MSP administrator

Distribute licenses to tenant administrators.

Tenant administrator

View the license information.

Tenant subscription

Disabled

Huawei public cloud Scenario (MSP administrators do not need to centrally manage tenant licenses.)

System administrator

Disable the license split function when creating an MSP administrator.

MSP administrator

Apply for license activation codes from the Electronic Software Delivery Platform (ESDP).

Tenant administrator

Purchase license activation codes from MSPs, and import the codes to iMaster NCE-Campus and iMaster NCE-CampusInsight.

Enabled

Huawei public cloud Scenario (MSP administrators need to centrally manage tenant licenses.)

System administrator

Enable the license split function when creating an MSP administrator.

MSP administrator

Apply for license activation codes from the ESDP, and import the codes to iMaster NCE-Campus and iMaster NCE-CampusInsight.

Tenant administrator

View the license information.

Managing Licenses in Global Subscription Mode with License Redistribution Enabled

Allocating Licenses (Global Subscription Mode + License Redistribution Enabled)

Context

If the system administrator has allocated license packages to an MSP administrator, the MSP administrator can allocate license resources to tenants for refined management.

The MSP administrator can assign license resources to tenants only after the system administrator logs in to iMaster NCE-Campus for the first time and sets the license mode to Global Subscription Mode and License Redistribution to Yes.

Prerequisites

The system administrator has allocated a license package to the MSP administrator. For details, see Managing Licenses (Global Subscription Mode + License Redistribution Enabled).

Procedure
  1. Choose System > Administrator > License Management from the main menu. The license management page is displayed. View information about the license package allocated by the system administrator to the MSP administrator and the license consumption information.

    Click the package name to view details about the package.

  2. Click Expiration Notification, enable Receive expiration notification, and configure the email addresses of recipients. Notification emails will be sent to the specified email addresses when a license is about to expire.

    • The system administrator must configure an email server before enabling Receive expiration notification. Otherwise, Receive expiration notification cannot be enabled. For details, see Configuring an Email Server.
    • A maximum of five email addresses can be configured. Email addresses need to be separated with line breaks.
    • If a license resource item is about to expire in less than 30 days, the system will send notification emails at 02:25 every day.
    • If license expiration notification is configured, the license expiration email is sent only to the email addresses specified in Notified object. In this case, you are advised to specify the email address of the tenant administrator in Notified object.

  3. Click the Tenant License tab and allocate license resources to tenants.

    1. Click on the left of a tenant to view the license status and resource consumption of the tenant.

    2. Click Create, click in the Package Name column to select a license package, and click OK.

    3. Configure the number of license resources (unit: device x day) and click . The license package is allocated to the tenant.

    4. (Optional) Click to freeze the license package. A frozen license package cannot be redistributed or used. Click to change the number of resources in the license package. Click to delete an allocated package.

      Freezing or deleting a license package will cause the related devices to go offline. Therefore, exercise caution when performing these operations.

    5. (Optional) Click Disable Strategy and set Unified deactivation time and Longest Arrears (days) of the license package.

      The license will be deactivated either at the deactivation time set in Disable Strategy or the actual expiration time of the license, whichever is earlier.

Follow-up Procedure

Log in to iMaster NCE-Campus as a tenant administrator and view the license resource status and consumption information. For details, see Viewing License Information (Global Subscription Mode + License Redistribution Enabled).

Managing Licenses in Tenant Subscription Mode with License Redistribution Enabled

Applying for a License

A tenant can purchase a license and obtain an activation code from a qualified MSP. Figure 6-1 shows the process.

Figure 6-1 License application process
  1. An MSP obtains a license activation code from the Electronic Software Delivery Platform (ESDP) using the contract ID or entitlement ID.

    1. Log in to the ESDP at https://app.huawei.com/isdp using an MSP administrator account.

      Huawei's ESDP supports both channel partner and enterprise GTS engineer roles.

    2. Choose Order Management > Entitlement Management from the navigation pane and query license information by Huawei contract ID or entitlement ID.

    3. Select an activation ID in the search result.

    4. Choose Manage POE > Preview PoE. The activation password is displayed in the window that is displayed.

  2. The tenant purchases an activation password from an MSP.
  3. The MSP sends the activation password to the tenant.

Splitting a License

Application Scenario

A license in an order can be split into multiple licenses. The new licenses can be used by multiple tenants.

Procedure

A license supporting 30 switches and four APs can be split into four licenses, with each license containing only one AP. The four licenses can be used by different tenants.

  1. Log in to the ESDP at https://app.huawei.com/isdp using an MSP administrator account.
  2. Choose Order Management > Entitlement Management from the navigation pane and query information about the license to be split by Huawei contract ID or entitlement ID.

  3. Select the desired license and choose Split Entitlement from the Split Entitlement drop-down list box.

    Only licenses whose Delivery Status is Ready can be split.

  4. On the Split Entitlement page, enter the number of new licenses and the number of devices in each license and click Next.

    Parameter

    Description

    Split Count

    Number of new licenses after the split.

    Total

    Total number of devices supported by the original order.

    Split Value

    Number of a single type of devices in each new license.

    Remaining After Split

    Remaining devices in the original license after the split.

  5. On the Confirm Split page, confirm license split information and click Split.

  6. In the Confirm dialog box, click OK.

    • Cloud management service licenses can only be activated on iMaster NCE-Campus.
    • On the Complete Split page, click View Split Result to view authorization information.

Activating and Allocating a License (Tenant Subscription Mode + License Redistribution Enabled)

Context

If the system administrator has enabled the Split licenses function when creating an MSP administrator, the MSP administrator can centrally import the activation code to activate the license and allocates license resources to each tenant based on the tenant's service requirements. In this case, tenants cannot import license resources by themselves.

  • The system administrator logs in to iMaster NCE-Campus for the first time and sets the license mode to Tenant Subscription Mode.
  • This task applies only to Huawei Public Cloud Scenario, in which the MSP obtains license activation codes from the Electronic Software Delivery Platform (ESDP) and allocates them to tenants.
Tenant subscription mode (TBL):
  • Coding mode: 8806
  • License consumption by time: After license expiration, iMaster NCE-Campus stops providing services.
  • License form: Number of devices x Number of available days
  • Example: A subscription license is similar to that of a monthly package. If a customer purchases a "10 device x day" license for S5700-LI series devices with 8 ports, one device of this model can be used for 10 days, two devices of this model can be used for 5 days, and so on. The total number of license units must be 10.
  • Deduction time: The system deducts and settles license resources at 02:00 every day.
Prerequisites
  • A tenant account has been registered.
  • The system administrator has enabled the Split licenses function.
  • The MSP administrator has applied for a license activation code.
  • If you need to import the activation code of the CampusInsight license to iMaster NCE-Campus, ensure that the CampusInsight license has been synchronized to iMaster NCE-Campus before iMaster NCE-Campus and CampusInsight are interconnected. For details, see Configuring Interconnection with iMaster NCE-CampusInsight.
Procedure
  1. Choose System > Administrator > License Management from the main menu.
  2. Import activation codes or authorization IDs to activate licenses. Either activation codes or authorization IDs need to be imported.

    • Click Import Activation Code.

      • Multiple activation codes need to be separated by line breaks.
      • The number of activation codes cannot exceed 10.
      • After iMaster NCE-Campus interconnects with CampusInsight, you can import the activation code of the CampusInsight license to iMaster NCE-Campus.
    • Click Import Auth ID.

      • Multiple authorization IDs need to be separated by line breaks.
      • The number of authorization IDs cannot exceed 10.

    Since the first-time registration of a device, the device starts to consume license resources. License consumption continues no matter whether the device is online or offline, or reports alarms. License deduction starts at 02:00 every day, and each device consumes one unit of license every day.

    In tenant subscription (splittable) mode, iMaster NCE-Campus does not provide 90-day common series resources for users by default.

  3. View the license status.

  4. (Optional) Click Recalculate Expiration Time and set a unified expiration time of license resources.

    The function of recalculating the license expiration time is not applicable to common series resources.

    Under a tenant, the expiration time of device licenses with the same device type is automatically recalculated when settlement is performed on a daily basis.

    Under a tenant, the expiration time of device licenses with different device types is not automatically recalculated. To recalculate the expiration time of such licenses, perform this step.

    This function allows you to configure a unified expiration time for resource items with different expiration time for easy management and resource integration. This operation cannot be rolled back.

    For example, there are three types of license resource items, including AR100 series: 10 device-days with 5 RMB per device-day; AR1200 series: 20 device-days with 10 RMB per device-day; and indoor AP series: 20 device-days with 20 RMB per device-day. Assume that iMaster NCE-Campus manages five AR100 series devices and 10 AR1200 series devices. You can click Recalculate Expiration Time to integrate license resources. The formulas are as follows: 10 x 5 + 20 x 10 + 20 x 20 = 650, 5 x 5 + 10 x 10 = 125 (consumption of all devices in a day), 650/125 = 5 R 25 (remainder 25). According to the calculation result, the license resources for AR100 and AR1200 series devices will expire in five days. The remaining 25 RMB will be added to the new license resource pool to be integrated in the next calculation.

    This function enables resource allocation to be more flexible. Resources that are in arrears can be integrated so that they can be used normally.

  5. Click Expiration Notification, enable Receive expiration notification, and configure the email addresses of recipients. Notification emails will be sent to the specified email addresses when a license is about to expire.

    • The system administrator must configure an email server before enabling Receive expiration notification. Otherwise, Receive expiration notification cannot be enabled. For details, see Configuring an Email Server.
    • A maximum of five email addresses can be configured. Email addresses need to be separated with line breaks.
    • If a license resource item is about to expire in less than 30 days, the system will send notification emails at 02:25 every day.
    • If license expiration notification is configured, the license expiration email is sent only to the email addresses specified in Notified object. In this case, you are advised to specify the email address of the tenant administrator in Notified object.

  6. Check the daily consumption of license resources.

  7. Click to view the detailed information about license activation codes or entitlement IDs.

    After a license is loaded successfully, you can view the software ID for SnS charging and authentication.

  8. Click the Tenant License tab and allocate license resources to tenants.

    1. Click on the left of a tenant. The license items for 54 types of products are displayed under each tenant, and the number of resources is 0.

    2. Click in the Operation column and configure the number of license resources required by the tenant (unit: device x day). Then click .

    3. (Optional) Click to freeze the license. A frozen license cannot be redistributed or used. Click to change the number of license resources.

      If you freeze the license, related devices will go offline. Therefore, exercise caution when performing this operation.

    4. (Optional) Click Disable Strategy and set Unified deactivation time and Longest Arrears (days) of the license package.

      The license will be deactivated either at the deactivation time set in Disable Strategy or the actual expiration time of the license, whichever is earlier.

Follow-up Procedure

Log in to iMaster NCE-Campus as a tenant administrator and choose System > System Management > License from the main menu to view the license resource status and consumption information.

Supplementary Tasks

Managing MSP Administrator Accounts

Context

If an MSP administrator created by the system administrator has all the rights of the MSP, this MSP administrator is called the root MSP administrator.

To ensure system security, the root MSP administrator can create multiple sub-MSPs and assign different rights to each sub-MSP by role.

Prerequisites

  • View MSP administrator account policies.

    Account policies have been configured on iMaster NCE-Campus by default. An MSP administrator can view account policies, for example, account length policy and account login policy.

    Choose System > Administrator > Administrator from the main menu, and click Account Policy to view MSP administrator account policies.

  • View MSP administrator password policies.

    Password policies have been configured on iMaster NCE-Campus by default. An MSP administrator can view password policies, for example, password complexity policy, password change interval policy, and character limitation policy.

    Choose System > Administrator > Administrator from the main menu, and click Password Policy, to view MSP administrator password policies.

    For security purposes, configure all password policies provided by iMaster NCE-Campus.

    If PCI authentication is required, modify account and password policies as follows:
    • Enable Disable unused accounts, and set Maximum number of consecutive idles days of account to 90. An account is disabled if the account has not logged in to the system at all for more than 90 days.
    • Set Invalid password monitoring period (min) to 30 in the Account Lockout Trigger Conditions area. In this case, if an account fails to log in to the system for five consecutive times within 30 minutes, the account is locked for 30 minutes.
    • Set Number of historical passwords that cannot be reused to 4.

  • Roles have been created.

    If functional rights of existing roles in the system do not meet requirements, you can create new roles before creating accounts or workgroup.

    Choose System > Administrator > Administrator from the main menu, and click the Role tab. Click Create, and select functional rights to create a role.

    By default, a system administrator has following roles. These roles cannot be deleted or modified.

    • MSP Administrator: The MSP administrator performs manager services and configurations.
    • Operator: The operator manages system service running.
    • Open Api Operator: The open API operator owns the privilege of open API services and configurations.

Procedure

  1. Choose System > Administrator > Administrator from the main menu.
  2. Click Create, and set parameters on the Create User page.

    For security purposes, keep the password secure and change it periodically.

    • Manually set a password when creating a user account.

      Set Password create mode to Manual and then set a password for the account. If Modify password first login is set to Yes, the user will be prompted to change the password when using this account to log in to iMaster NCE-Campus for the first time, and can successfully log in after changing the password.

    • Create a password via email.

      Set Password create mode to Email. After the account is created, the system sends a URL to your email box. You can click the URL to configure a password for the user account.

      • If you choose to configure a password via email, configure an email server before creating an account. Otherwise, the system fails to send a URL to the specified email address. For details, see Configuring an Email Server
      • If the password for a user account is configured via email, the user does not need to change the password upon the first login to iMaster NCE-Campus.

      Table 6-17 Description of parameters on the Create Account page

      Parameter

      Description

      Account

      Login account of a newly created administrator.

      User type
      • LOCAL: Local users can log in to iMaster NCE-Campus only from the web UI.
      • THIRD-PARTY SYSTEM ACCESS: A third-party system access user calls the northbound API /controller/v2/tokens to log in to iMaster NCE-Campus.
        NOTE:
        • If the user type is Third-party system access, the user can log in to iMaster NCE-Campus only by API call.
        • If the user type is Local, the user can log in to iMaster NCE-Campus only from the web portal.
        • In an upgrade scenario, the user type is changed from Local or Third-party system access to Both. When the user type is Both, the user can log in to iMaster NCE-Campus either by API call or from the web portal.

      Password create mode

      Mode in which a password is created. The options are Manual and Email.

      Password

      Initial login password of the newly created administrator.

      NOTE:
      • This parameter is displayed only when User Type is Local.
      • If the password creation mode is set to Email, you must enter a valid email address. After the account is created, the system sends a link to the mailbox. You need to click the link to configure the account and password.
      • In this mode, you do not need to change the password when you log in to iMaster NCE-Campus for the first time.

      Confirm password

      Modify password first login

      Whether to change the password upon first time login.

      Mobile number

      Email address of an MSP, which is provided for easy and prompt contact by Tenants under the MSP.

      Email address

      Phone number of an MSP, which is provided for easy and prompt contact by Tenants under the MSP.

      Role

      Selected the role from the drop-down list.

  3. On the Managed Object page that is displayed, select the accounts to be managed by the MSP administrator, and click Next. By default, Select All Resources is enabled. In this case, the MSP administrator can manage all tenants. If you disable Select All Resources, you can select the tenants to be managed by the MSP administrator. In addition, select a role that is authorized by the tenant administrator to the MSP administrator. When the MSP administrator accesses the tenant Portal to maintain tenant services, the MSP administrator has the rights of the role authorized by the tenant administrator.

  4. On the Access Control page that is displayed, click Create. Set the allowed IP address range, and click OK.

    After the IP address range is added, the account can use only an IP address within this range to log in to iMaster NCE-Campus. If no IP address range is added, the account can use any IP address to log in to iMaster NCE-Campus.

    After logging in to iMaster NCE-Campus using this account, choose System > System Management > Account Information from the main menu. On the Access Control page that is displayed, maintain the IP address range.

  5. Click OK. The account is created successfully.

Follow-up Procedure

  • Modify the account information, reset the password, and disable or enable an account.
    1. Choose System > Administrator > Administrator from the main menu.
    2. In the Operation column, click to modify the account information, click to reset the password, click to disable an account, and click to enable an account that has been disabled.

  • Delete an account.
    1. Choose System > Administrator > Administrator from the main menu.
    2. Select an account and click Delete.

  • Transfer workgroup administrator rights.

    If the administrator of a workgroup is changed, an upper-level administrator can transfer the corresponding rights to another administrator.

    Workgroup administrators can transfer their rights to the administrators created by themselves. Before transferring rights of a work administrator, ensure that the workgroup administrator has created an administrator account.

    • This operation can only be performed on level-1 sub-workgroups of the workgroup to which the current user belongs and cannot be performed on the workgroups of level 2 or higher.
    • If workgroup administrators remain online after their rights are transferred, they will be forced offline and has no rights.
    1. Choose System > Administrator > Administrator from the main menu. Click the User tab.
    2. Click Select, select the desired workgroup, and click OK.

      Select a desired account and click Hand Over to enable this account to become the new workgroup administrator.

      The new account must be an administrator account created by the old workgroup administrator account.

      If the icon is moved to the right of the new administrator account, the rights are transferred successfully.

  • Set a user group.

    User groups are used to interconnect iMaster NCE-Campus with third-party services, such as the Active Directory Federation Services (ADFS), NetIQ, LDAP server, AD server, and RADIUS server.

    Choose System > Administrator > Administrator from the main menu, click the User Group tab, and click Create to create a user group.

    Click Next to select the managed objects of the user group.

    Only users with the MSP administrator rights can configure user groups.

  • Configure personal settings.

    Personnel settings improve the access security of iMaster NCE-Campus. This function takes effect only for the current user.

    • Set the number of concurrently online users.
      1. Choose System > System Management > Account Information from the main menu.
      2. On the Basic Information page, set Max. concurrent users and click . The value 0 indicates there is no limit on the maximum number of concurrent online users.

    • Modify the password.
      1. Choose System > System Management > Account Information from the main menu.
      2. On the Basic Information page, click behind the password. In the dialog box that is displayed, set a new password.

    • Adjust the range of IP addresses that can be used by the current account to log in to iMaster NCE-Campus.

      Click Access Control tab. On the Access Control page, set the IP address range and click OK. If no IP address range is set, there is no limit on the login IP address range of the current account.

    • Set the idle timeout interval.

      To prevent other personnel from performing unauthorized operations when the administrator leaves, iMaster NCE-Campus provides the function of setting the idle timeout interval of the administrator. If an administrator does not perform any operation within the specified interval, the account will be automatically logged out. To perform further operations after the account is logged out, the administrator must log in to iMaster NCE-Campus again.

      Choose System > Administrator > Administrator from the main menu, click , set the idle time, and click OK.

    • Check online users.

      Choose System > Administrator > Administrator from the main menu and click the Online User tab.

  • Check whether you have signed a privacy statement.
    1. Choose System > System Management > Account Information from the main menu.
    2. On the Basic Information page, check whether you have signed the privacy statement.
      • If Sign privacy statement is Not signed, you have not signed the privacy statement.
      • If Sign privacy statement is Signed, you have signed the privacy statement.
  • Withdraw a privacy statement.
    To withdraw your consent to this privacy statement, click Cancel next to Sign privacy statement and click OK in the Warning dialog box that is displayed.

    You will be logged out if you withdraw the consent to the privacy statement. In addition, your mobile number and email address will be deleted from the controller. This may affect your login or password retrieval. Exercise caution when performing this operation.

Configuring an Email Server

Context

If iMaster NCE-Campus needs to send emails to users, you need to configure an email server first.

iMaster NCE-Campus needs to send emails in the following scenarios:

  • The MSP administrator or tenant administrator forgets the password: iMaster NCE-Campus sends a reset password to the administrator through an email.
  • The tenant administrator performs alarm settings on iMaster NCE-Campus: iMaster NCE-Campus sends emails to notify users of reported alarms.
  • The tenant administrator wants to use the email-based deployment function: iMaster NCE-Campus needs to send deployment emails to related personnel.
  • Tenants want to register accounts by themselves: iMaster NCE-Campus sends an email containing an activation link to the tenants.
  • The MSP administrator inspects tenant devices: iMaster NCE-Campus sends the inspection report to the administrator's mailbox, if needed.
  • The MSP administrator deletes ESNs or devices: iMaster NCE-Campus sends a notification email to the tenant administrator, if needed.
  • A tenant license is about to expire: iMaster NCE-Campus sends a notification email to a tenant.
  • When portal authentication is configured for guest access, you need to set the approver notification mode or guest notification mode to email notification.

The system administrator has configured an email server for sending emails. If the MSP administrator wants to use another email server, the MSP administrator needs to configure an email server separately.

If both the system administrator and MSP administrator have configured an email server, the email server configured by the MSP administrator is used preferentially. If the email server configured by the MSP administrator is not found, the email server configured by the system administrator is used.

Procedure

  1. Upload an email server certificate.

    1. Contact the SMS server provider to obtain a certificate file.
    2. Choose System > System Management > Certificate Management from the main menu.
    3. Choose Service Certificate Management from the navigation pane. On the Services page, click CampusBaseServiceServerConfigMoudle.
    4. Click the Trust Certificate tab and click Import. On the displayed page, enter the certificate information, select the desired email server certificate, and click Submit to upload the certificate to iMaster NCE-Campus.

  2. Choose System > System Management > Third-Party Service from the main menu.
  3. Set parameters for connecting to the email server.

    If the email server uses a third-party CA certificate, you are advised to disable Validate server certificate.

  4. Click Test to verify the email sending function.

    • If the message "The test succeeds" is displayed and the mailbox receives the test email, the configuration is successful. Click Save.
    • If the message "The test succeeds" is displayed but the mailbox does not receive the test email, check whether the email function of the SMTP server is normal.
    • If the message "Failed to connect to the email server" is displayed, check whether the above parameters are correctly configured.
      • Affected by the network quality and performance of the SMTP server, the time of receiving emails will be delayed within two minutes.
      • Some SMTP providers set the right control for third-party application access. If the test fails, check whether the function of controlling third-party application access is enabled on the SMTP server and set password to the authentication password of the SMTP server.
      • Limited by security policies of email service providers, administrators may fail to receive emails in some scenarios. If no email is received, log in to the email service website or contact the email service provider to check whether the email is returned or other exceptions occur. Alternatively, replace the email server and try again.

Parameter Description

Table 6-18 Parameters on the Email Server tab page

Parameter

Description

SMTP address

SMTP address of the mailbox from which emails are sent. The address must be an IP address or in the smtp.mail.com format.

NOTE:

SMTP is short for Simple Mail Transfer Protocol. SMTP is mainly used to transfer system emails and provide email notifications.

Port

Port number of the SMTP service provided by the email server. You can obtain the port number from the email service provider. By default, the port number is 25.

Secure connection

Whether secure connection is enabled.

Encryption connection type

Protocol for establishing an encrypted communication link between iMaster NCE-Campus and the SMTP server. This parameter is available only when Secure connection is selected.

NOTE:

Secure protocol TLSv1.2 is recommended. TLSv1.0 and TLSv1.1 are insecure protocols; therefore, exercise caution when using them.

Validate server certificate

For security purposes, select Secure connection and Validate server certificate. Select certificate.

Certificate File

Certificate file of the email server. This certificate ensures communication security between iMaster NCE-Campus and the email server.

Authentication

Whether to enable the email account and password authentication.

Account

The two parameters are valid only when Authentication is selected.

User name and password for logging in to the SMTP server.

Password

Sender Email

Sender email address, which must have been registered on the email server. During the email test, this address is used as a recipient email address. After the connectivity test is successfully performed and the configurations are saved, this address is used as the sender email address.

Customized email subject

Email subject. An administrator can customize the prefix and suffix of the email subject. When an email is sent, the prefix and suffix are automatically added before and after the email subject.

Customized email signature

Email signature. An administrator can customize the email signature, and the signature is automatically attached to emails.

Configuring an SMS Server

Context

You need to configure the SMS service if SMS authentication is required.

Before configuring the SMS service, you need to configure an SMS platform to specify the SMS gateway and configure account information based on the SMS platform to send SMS messages.

  • SMS platform: You need to set parameters about a third-party SMS platform on iMaster NCE-Campus according to the information provided by the SMS platform. For details, see the interface document of the third-party SMS platform.
  • SMS server: You need to set parameters for interworking between iMaster NCE-Campus and a third-party SMS platform. After the interconnection is successful, iMaster NCE-Campus can send SMS messages.

    By default, the system is pre-configured with the following SMS server connection parameters:

    • fungo: http://qxt.fungo.cn/Recv_center. This is the SMS platform of fungo.cn (Beijing, China).
    • twilio: https://api.twilio.com:8443/2010-04-01/Accounts/{USERNAME}/Messages.json. To use this SMS server, access www.twilio.com and apply for an account.
  • If the system administrator has configured an SMS server and enabled, MSP administrators can use the SMS server configured by the system administrator. Otherwise, they cannot use the SMS server configured by the system administrator and need to configure an SMS server on their own.

    If a MSP administrator wants to configure an SMS server, the tenant administrator needs to contact the system administrator to configure the SMS platform information. Only the system administrator can configure the SMS platform information. For detail, see Configuring an SMS Server.

    If you do not want to use the SMS server configured by the system administrator, you can configure an SMS server as needed.

Prerequisites

The system administrator has created an SMS server template.

Procedure

  1. Import an SMS server certificate.

    1. Contact the SMS server provider to obtain a certificate file.
    2. Log in to iMaster NCE-Campus as a system administrator and choose System > System Management > Certificate Management from the main menu.
    3. Choose Service Certificate Management from the navigation pane. On the Services page, click CampusBaseServiceServerConfigMoudle.
    4. Click the Trust Certificate tab and click Import. On the displayed page, enter the certificate information, select the desired SMS server certificate, and click Submit to upload the certificate to iMaster NCE-Campus.

  2. Choose System > System Management > Third-Party Service and click the SMS Server tab.
  3. Select an SMS Platform, and configure the related data.

    HTTPS is recommended because it is more secure than HTTP.

    • Set SMS Service type to HTTP SMS Service and select fungo from the SMS platform drop-down list box.

    • Set SMS Service type to HTTP SMS Service and select twilio from the SMS platform drop-down list box.

    • Set SMS Service type to SMPP SMS Service and select the created SMS template from the SMS platform drop-down list box.

  4. Click Test to verify validity of the SMS message sending function.

    • If the test succeeds, the message "The test succeeds" is displayed, and you can receive the test SMS message from iMaster NCE-Campus.
    • If the test fails, the message "Failed to test the SMS serve" is displayed. Perform operations according to the scenarios:
      • If an error code is displayed in the dialog box, check the product documentation of the SMS service provider for the cause of the error, and obtain the troubleshooting method.
      • If no error code is displayed in the dialog box, contact the system administrator to check the URL specified in the SMS server template to see whether the SMS server is reachable.

  5. After the test is successful, click Save.

Parameter Description

Table 6-19 HTTP SMS server

Parameter

Description

SMS platform

SMS template. Administrators can configure an SMS server template to specify an SMS gateway.

By default, the following SMS server connection parameters are pre-configured on iMaster NCE-Campus:

  • fungo: http://qxt.fungo.cn/Recv_center. This is the SMS platform of fungo.cn (Beijing, China).
  • twilio: https://api.twilio.com:8443/2010-04-01/Accounts/{USERNAME}/Messages.json. To use the SMS service provided by twilio, access www.twilio.com and apply for an account.

To use the SMS service provided by another carrier, you can create an SMS platform template as needed.

Account

Account obtained during SMS service application.

Token

Password obtained during SMS service application.

NOTE:

For system and user security purposes, it is recommended that the password provided by a third party meet the complexity requirements.

SMS message signature

Signature of SMS messages.

Send number

Number obtained from the SMS service provider, used to check whether the number for sending SMS messages is correct. This parameter is configurable only when the twilio template is selected.

Inheritance

When this function is enabled and neither the MSP administrator nor the tenant administrator configures an SMS server, the SMS server configured by the system administrator is used. When this function is disabled, MSPs and tenants cannot use the SMS server configured by the system administrator.

Test number

Number for sending a test SMS message. The value can be any available mobile number.

Test SMS message

Content in a test SMS message.
Table 6-20 SMPP SMS server

Parameter

Description

SMS platform

SMS platform template. Administrators can configure an SMS platform template to specify an SMS gateway.

System id

SMS server ID obtained during SMS service application.

Password

Password obtained during SMS service application.

Source number

Number obtained from the SMS service provider, used to check whether the number for sending SMS messages is correct.

Inheritance

When this function is enabled and neither the MSP administrator nor the tenant administrator configures an SMS server, the SMS server configured by the system administrator is used. When this function is disabled, MSPs and tenants cannot use the SMS server configured by the system administrator.

Test number

Number for sending a test SMS message. The value can be any available mobile number.

Test SMS message

Content in a test SMS message.

Configuring Two-Factor Authentication

Two-factor authentication is a security check process. Users must provide dual identity certificates before logging in to the system. This method improves security and prevents online attacks. Even if passwords are stolen or leaked, two-factor authentication can prevent attackers from accessing accounts. In addition, login notifications can also warn users of unauthorized access to their accounts.

iMaster NCE-Campus supports two-factor authentication based on user name and password authentication and SMS authentication.

Context

To configure SMS authentication, perform the following steps:
  1. Set the mobile number. After logging in to iMaster NCE-Campus you can bind a mobile number to your account. After you enter a mobile number, iMaster NCE-Campus checks whether the format of the mobile number meets the requirements (a string of 1 to 20 digits) and whether the mobile number can be bound to the current account. Only a mobile number that has no account bound supports account binding. If the mobile number meets the preceding requirements, you can apply for a verification code. The mobile number can be changed after being set.
  2. Enable SMS verification upon login. After setting the mobile number, you can enable SMS verification upon login to implement two-factor authentication upon login. Before enabling SMS verification upon login, ensure that the mobile number has been set.

After you click to obtain an SMS verification code, no SMS message may be received due to poor network signals or mobile phone issues. In this case, you can obtain a new verification code one minute later. The validity period of a verification code is five minutes. A user will be locked for 10 minutes if the user applies for another verification code before the current verification code expires and fails to be authenticated after applying for more than five consecutive verification codes.

Prerequisites

iMaster NCE-Campus has connected to an SMS gateway.

Setting a Mobile Number

  1. Choose System > System Management > Account Information from the main menu, and click Basic Information.
  2. Click to the right of Mobile number. In the displayed window, complete the verification as prompted to bind the current account to the mobile number.

  3. Click Modify next to SMS verification upon login. In the displayed window, enable SMS verification upon login and complete the verification using the SMS verification code.

Verification

After configuring SMS authentication, perform the following operations to check whether the configuration is successful.

  1. Log out and log in to iMaster NCE-Campus again. After the user name and password are verified successfully, the Login Verification page is displayed.
  2. Click Obtain Verification Code. After receiving an SMS verification code, enter it and click Confirm. If you log in to iMaster NCE-Campus successfully, the configuration is successful.

Translation
简体中文
Download
Updated: 2021-04-29

Document ID: EDOC1100141247

Views: 121114

Downloads: 625

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Digital Signature File

Digital Signature Authentication Mode
Share
Previous Next

Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.

You are going to visit :