No relevant resource is found in the selected language.
Enterprise
Worldwide
Search
Support Documentation
CloudCampus Solution V100R019C10 Deployment Guide for Large- and Medium-Sized Campus Networks (Virtualization Scenario)
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Initial Configuration

Initial Configuration

Logging in to and Configuring the License Mode

Context

After iMaster NCE-Campus is installed, an administrator can use a web browser to log in to the iMaster NCE-Campus web UI to perform system management and maintenance operations. The following web browsers are supported:

  • Google Chrome 57 or later

Procedure

  1. Open a browser.
  2. Enter https://iMaster NCE-Campus server IP address:port number in the address box, and press Enter.

    • The IP address of the iMaster NCE-Campus server is Northbound management IP specified when you install iMaster NCE-Campus.
    • The port number is 18008. The port number used for the login must be the same as that specified during the installation.
    • The method for logging in to an authentication component is the same as that for logging in to iMaster NCE-Campus.

  3. Ignore the security certificate warning and access the login page.

    When you log in to iMaster NCE-Campus using a browser, the browser performs unidirectional authentication on iMaster NCE-Campus based on the ER certificate. The Huawei ER certificate has been pre-configured during iMaster NCE-Campus installation. This certificate is used only for temporary communication and is not for commercial use. You can apply for a new ER certificate to update the preconfigured ER certificate to improve iMaster NCE-Campus communication security. You are advised to periodically update the certificate to prevent system security risks caused by certificate expiration. After the ER certificate is updated, the message indicating a security certificate error will not be displayed.

    • Google Chrome: Choose Advanced > Proceed to ... (unsafe).

  4. Enter the default administrator name admin, and click Login.

    The default username and password are available in iMaster NCE-Campus Default Usernames and Passwords (Enterprise Network or Carrier). If you have not obtained the access permission of the document, see Help on the website to find out how to obtain it.

  5. (Optional) Upon the first login, change the password as prompted. Skip this step if it is not your first login.

    For security purposes, do not save your password in the browser.

  6. (Optional) Select the license management policy upon first login. Skip this step if it is not your first login.

    Exercise caution when selecting a license management policy, because they cannot be modified after being selected. To modify the license mode, you need to reinstall iMaster NCE-Campus.

    Table 5-1 License mode

    License Mode

    License Redistribution

    Application Scenario

    Role

    Operation

    Global permanent

    Not supported

    On-premises scenario

    System administrator

    Import license files of iMaster NCE-Campus and iMaster NCE-CampusInsight.

    MSP administrator

    View the license information.

    Tenant administrator

    View the license information.

    Global subscription

    Disabled

    MSP-owned cloud scenario (MSP administrators do not need to centrally manage licenses.)

    System administrator
    1. Select Global Subscription License and set License Redistribution to No upon the first login to iMaster NCE-Campus.
    2. Import license files of iMaster NCE-Campus and iMaster NCE-CampusInsight.

    MSP administrator

    N/A

    Tenant administrator

    N/A

    Enabled

    MSP-owned cloud scenario (MSP administrators need to centrally manage licenses.)

    System administrator
    1. Select Global Subscription License and set License Redistribution to Yes upon the first login to iMaster NCE-Campus.
    2. Import license files of iMaster NCE-Campus and iMaster NCE-CampusInsight.
    3. Configure license packages of iMaster NCE-Campus and iMaster NCE-CampusInsight, and allocate them to MSP administrators.

    MSP administrator

    Distribute licenses to tenant administrators.

    Tenant administrator

    View the license information.

    Tenant subscription

    Disabled

    Huawei public cloud Scenario (MSP administrators do not need to centrally manage tenant licenses.)

    System administrator

    Disable the license split function when creating an MSP administrator.

    MSP administrator

    Apply for license activation codes from the Electronic Software Delivery Platform (ESDP).

    Tenant administrator

    Purchase license activation codes from MSPs, and import the codes to iMaster NCE-Campus and iMaster NCE-CampusInsight.

    Enabled

    Huawei public cloud Scenario (MSP administrators need to centrally manage tenant licenses.)

    System administrator

    Enable the license split function when creating an MSP administrator.

    MSP administrator

    Apply for license activation codes from the ESDP, and import the codes to iMaster NCE-Campus and iMaster NCE-CampusInsight.

    Tenant administrator

    View the license information.

    Select the license mode based on the type of the license purchased according to service requirements. If you select Global Permanent Mode or Tenant Subscription Mode, click OK. If you select Global Subscription Mode, configure whether to allow a global subscription license to be redistributed again.

    • Yes: The system administrator imports the license used by all tenants, assigns the license to an MSP. The MSP then allocates license resources to tenants in package mode.
    • No: The system administrator imports the license used by all tenants, and the license cannot be redistributed.

Managing System Administrator Accounts

Context

By default, the admin user has all rights.

To ensure system security, the admin user can create multiple sub-accounts and assign different rights to each sub-account based on the account role.

Prerequisites

  • Configure global account policies.

    You can configure account policies to define the user name length and login rules to improve account security of iMaster NCE-Campus. Account policies have been configured on iMaster NCE-Campus by default and can be modified as required.

    Choose System > Administrator > Administrator from the main menu. Click Account Policy to configure global account policies.

  • Configure global password policies.

    A simple administrator password can be easily cracked. To prevent this problem, configure password policies that define the complexity requirements of iMaster NCE-Campus administrator passwords, the password change interval, and the character limitation. Password policies have been configured on iMaster NCE-Campus by default and can be modified as required.

    Choose System > Administrator > Administrator from the main menu. Click Password Policy to set the global password policy.

    For security purposes, configure all password policies provided by iMaster NCE-Campus.

    If PCI authentication is required, modify account and password policies as follows:
    • Enable Disable unused accounts, and set Maximum number of consecutive idles days of account to 90. An account is disabled if the account has not logged in to the system at all for more than 90 days.
    • Set Invalid password monitoring period (min) to 30 in the Account Lockout Trigger Conditions area. In this case, if an account fails to log in to the system for five consecutive times within 30 minutes, the account is locked for 30 minutes.
    • Set Number of historical passwords that cannot be reused to 4.

  • Roles have been created.

    If functional rights of existing roles in the system do not meet requirements, you can create new roles before creating accounts or workgroup.

    Choose System > Administrator > Administrator from the main menu, and click the Role tab. Click Create, and select functional rights to create a role.

    By default, a system administrator has following roles. These roles cannot be deleted or modified.

    • System administrator: The system administrator has the right to manage the iMaster NCE-Campus servers. This includes monitoring clusters and configuring the mail server, SMS server, and GIS map.
    • Operator: The operator manages system service running.
    • Open API operator: The open API operator owns the privilege of open API services and configurations.

Procedure

  1. Choose System > Administrator > Administrator from the main menu.

    By default, the admin account is preset on iMaster NCE-Campus.

    admin: System administrator. When the admin user adjusts the account policy, password policy, and idle timeout policy, the account policy of the admin user is changed accordingly. The admin account cannot be modified or deleted. After logging in to iMaster NCE-Campus as the system administrator for the first time, change the initial password as prompted.

    The default username and password are available in iMaster NCE-Campus Default Usernames and Passwords (Enterprise Network or Carrier). If you have not obtained the access permission of the document, see Help on the website to find out how to obtain it.

  2. Click Create, and set parameters on the Create User page.

    For security purposes, keep the password secure and change it periodically.

    • Manually configure a password when creating a user account.

      Set Password create mode to Manual and then set a password for the account. If Modify password first login is set to Yes, the user will be prompted to change the password when using this account to log in to iMaster NCE-Campus for the first time, and can successfully log in after changing the password.

    • Configure a password via email.

      Set Password create mode to Email. After the account is created, the system sends a URL to your email box. You can click the URL to configure a password for the user account.

      • If you choose to configure a password via email, configure an email server before creating an account. Otherwise, the system fails to send a URL to the specified email address. For details, see Configuring an Email Server
      • If the password for a user account is configured via email, the user does not need to change the password upon the first login to iMaster NCE-Campus.

      Parameter

      Description

      Account

      Login account of a newly created administrator.

      User type
      • LOCAL: Local users can log in to iMaster NCE-Campus only from the web UI.
      • THIRD-PARTY SYSTEM ACCESS: A third-party system access user calls the northbound API /controller/v2/tokens to log in to iMaster NCE-Campus.
        NOTE:
        • If the user type is Third-party system access, the user can log in to iMaster NCE-Campus only by API call.
        • If the user type is Local, the user can log in to iMaster NCE-Campus only from the web portal.
        • In an upgrade scenario, the user type is changed from Local or Third-party system access to Both. When the user type is Both, the user can log in to iMaster NCE-Campus either by API call or from the web portal.

      Password create mode

      Mode in which a password is created. The options are Manual and Email.

      Password

      Initial login password of the newly created administrator.

      NOTE:
      • This parameter is displayed only when User Type is Local.
      • If the password creation mode is set to Email, you must enter a valid email address. After the account is created, the system sends a link to the mailbox. You need to click the link to configure the account and password.
      • In this mode, you do not need to change the password when you log in to iMaster NCE-Campus for the first time.

      Confirm password

      Modify password first login

      Whether to change the password upon first time login.

      Mobile number

      Phone number of an administrator, which is provided for easy and prompt contact by MSPs under the administrator.

      The email address can be used for password retrieval, receiving messages sent from the controller, and other purposes. Ensure that the mobile number is correct.

      Email address

      Email address of an administrator, which is provided for easy and prompt contact by MSPs under the administrator.

      The email address can be used for password retrieval, receiving messages sent from the controller, and other purposes. Ensure that the email address is correct.

      Role

      Selected the role from the drop-down list.

  3. Click Next.
  4. On the Managed Object page that is displayed, select the accounts to be managed by the system administrator, and click Next. By default, Select All Resources is disabled.

    The Select all resources parameter is configurable only the admin user creates a sub-administrator account.

    The created sub-account can create workgroups only when Select all resources is enabled.

  5. On the Access Control page that is displayed, click Create, set the allowed IP address range, and click OK.

    After the IP address range is added, the account can use only an IP address within this range to log in to iMaster NCE-Campus. If no IP address range is added, the account can use any IP address to log in to iMaster NCE-Campus.

    After logging in to iMaster NCE-Campus using this account, choose System > System Management > Account Information from the menu. Configure the IP address range on the Access Control page.

  6. Click OK.

Follow-up Procedure

  • Modify the account information, reset the password, and disable/enable/ an account.
    1. Choose System > Administrator > Administrator from the main menu.
    2. In the Operation column, click to modify account information, click to reset the password, and click to disable the account. If the account has been disabled, click to enable the account.

  • Delete an account.
    1. Choose System > Administrator > Administrator from the main menu.
    2. Select an account, and click Delete.

  • Transfer workgroup administrator rights.

    If the administrator of a workgroup is changed, an upper-level administrator can transfer the corresponding rights to another administrator.

    Workgroup administrators can transfer their rights to the administrators created by themselves. Before transferring rights of a work administrator, ensure that the workgroup administrator has created an administrator account.

    • This operation can only be performed on level-1 sub-workgroups of the workgroup to which the current user belongs and cannot be performed on the workgroups of level 2 or higher.
    • If workgroup administrators remain online after their rights are transferred, they will be forced offline and has no rights.
    1. Choose System > Administrator > Administrator from the main menu. Click the User tab.
    2. Click Select, select the desired workgroup, and click OK.

      Select a desired account and click Hand Over to enable this account to become the new workgroup administrator.

      The new account must be an administrator account created by the old workgroup administrator account.

      If the icon is moved to the right of the new administrator account, the rights are transferred successfully.

  • Create a user group.

    To create a user group, choose System > Administrator > Administrator from the main menu. Click the User Group tab, and click Create to create a user group.

    User groups are used to interconnect iMaster NCE-Campus with third-party services, such as the Active Directory Federation Services (ADFS), NetIQ, LDAP server, AD server, and RADIUS server.

    Click Next to select objects to be managed by user groups.

    Only a user with administrator rights can configure user groups.

  • Configure personal settings.

    Personal settings improve iMaster NCE-Campus access security. This function applies only to the current user.

    • Set the maximum number of concurrent online users.
      1. Choose System > System Management > Account Information from the menu.
      2. On the Basic Information page, click and set Max. concurrent users. Click Apply. The value 0 indicates there is no limit on the maximum number of concurrent online users.

    • Change the password.
      1. Choose System > System Management > Account Information from the menu.
      2. On the Basic Information page, click next to the password. In the dialog box that is displayed, set a new password.

    • Modify the login IP address range of the current account.

      Click Access Control tab. On the Access Control page, set the IP address range and click Create. If no IP address range is set, there is no limit on the login IP address range of the current account.

  • Configure the idle timeout period.

    To prevent unauthorized users from using the administrator account while the administrator is away, set the idle timeout time. If an administrator does not perform any operation within the specified period, the account will be automatically logged out. To perform further operations after the account is logged out, the administrator must log in to iMaster NCE-Campus again.

    Choose System > Administrator > Administrator from the main menu, click Idle timeout setting, set the idle time, and click OK.

  • Check online user management information.

    Choose System > Administrator > Administrator from the main menu, click Online user tab.

  • Check whether you have signed a privacy statement.
    1. Choose System > System Management > Account Information from the menu.
    2. On the Basic Information page, check whether you have signed the privacy statement.
      • If Sign privacy statement is Not signed, you have not signed the privacy statement.
      • If Sign privacy statement is Signed, you have signed the privacy statement.
  • Withdraw a privacy statement.
    To withdraw your consent to this privacy statement, click Cancel next to Sign privacy statement and click OK in the Warning dialog box that is displayed.

    You will be logged out if you withdraw the consent to the privacy statement. In addition, your mobile number and email address will be deleted from the controller. This may affect your login or password retrieval. Exercise caution when performing this operation.

Creating an MSP and the MSP Administrator

Context

A system administrator does not directly provide services to tenants. Instead, an MSP provides services to tenants. Therefore, you need to create an MSP and the MSP administrator first. The MSP is responsible for providing cloud managed devices and cloud network services to tenants. After a tenant applies for managed services from an MSP, the MSP can use iMaster NCE-Campus to query the device status and maintain devices on the tenant network.

Prerequisite

  • You can set the authentication mode to Username/Password or Username/Password + SMS verification code when you log in to iMaster NCE-Campus as an MSP administrator. If SMS two-factor authentication is required, configure an SMS server in advance according to Configuring an SMS Server.
  • A privacy statement has been created. For details, see Managing Privacy Statements. MSP administrators for which a privacy statement has been configured must sign the privacy statement as prompted when they log in to iMaster NCE-CampusiMaster NCE-WAN. Otherwise, the login will fail.

Procedure

  1. Log in to iMaster NCE-Campus as the system administrator.
  2. Access the MSP Management menu.

    Choose MSP Management > MSP Management > MSP Management.

  3. Click Create.
  4. On the MSP Information tab page, configure MSP information. If the authentication mode is set to Username/Password + SMS verification code, set the mobile number for receiving SMS messages. You need to create a privacy statement in advance. For details, see Managing Privacy Statements. MSP administrators for which a privacy statement has been configured must sign the privacy statement as prompted when they log in to iMaster NCE-Campus. Otherwise, the login will fail.

    If Username/Password + SMS verification code is configured, the SMS verification code must meet the following requirements:

    • The validity period of a verification code is 5 minutes. If the validity period exceeds 5 minutes, you need to obtain a new verification code.
    • You cannot obtain a verification code multiple times within 1 minute. After 1 minute, you can click the verification code button again to resend a verification code SMS message. The previous verification code automatically becomes invalid.
    • The function of obtaining verification codes is locked for 10 minutes after five consecutive attempts.
    • If you enter an incorrect verification code for three consecutive times, the verification code becomes invalid and you need to obtain a new one.

    When the system administrator logs in to iMaster NCE-Campus for the first time, the Split licenses function takes effect only after the license mode is set to Tenant Subscription Mode.

    To allow the MSP administrator to uniformly manage and allocate tenant license resources, enable Split licenses. The MSP administrator then can activate a license and allocates license resources to tenants after logging in to iMaster NCE-Campus. The tenants do not need to activate licenses by themselves.

    To allow tenants to activate licenses by themselves, disable Split licenses. After logging in to iMaster NCE-Campus, tenants can activate their own licenses.

  5. Click Next.
  6. On the Administrator Information page, configure administrator information.

    For security purposes, keep the password secure and change it periodically.

    • Manually set a password when creating a user account.

      Set Password create mode to Manual. Then you can directly set a password when creating the account. You will be prompted to change the password when logging in to iMaster NCE-Campus for the first time. You can log in only after the password is changed successfully.

    • Create a password via email.

      Set Password create mode to Email. After the account is created, the system sends a URL to your email box. You can click the URL to configure a password for the account.

      • If you choose to create a password via email, configure an email server before creating an account. Otherwise, the system fails to send a URL to the specified email address. For details, see Configuring an Email Server
      • If a password is created via email, you do not need to change the password upon the first login to iMaster NCE-Campus.

  7. Click OK.

Follow-up Procedure

Table 5-2 Related operations of configuring MSP administrators

Operation

Procedure

Modifying information about an MSP administrator

Click in the Operation column to modify information about an MSP administrator.

Deleting an MSP administrator

Click in the Operation column to delete an MSP administrator.

NOTE:

If the MSP administrator has created one or more tenants, the MSP administrator account cannot be deleted. To delete an MSP administrator account, delete the tenants created by this account first.

Viewing the privacy statement signed by an MSP administrator

If an MSP administrator has signed the privacy statement, click in the Operation column to view the time when the privacy statement is signed, and the name, version, and content of the privacy statement.

Parameter Description

Table 5-3 MSP and MSP administrator parameters

Parameter

Description

MSP Information

MSP name

MSP name.

Number of administrator accounts

Maximum number of administrator accounts of the MSP.

Number of workgroups

Maximum number of workgroups of the MSP.

Postal code

Postal code of an MSP administrator, which is provided for easy contact by tenants under the MSP.

Address

Postal address of an MSP administrator, which is provided for easy contact by tenants under the MSP.

Service mailbox

Email address of an MSP administrator, which is provided for easy and prompt contact by tenants under the MSP. The email address must be valid.

Service phone number

Phone number of an MSP administrator, which is provided for easy and prompt contact by tenants under the MSP. The phone number must be valid.

Login authentication mode

Authentication mode for MSP administrator login.

Username/Password: You only need to enter the account and password upon login. After the account and password are verified, the login succeeds.

Username/Password + SMS verification code: After you enter the account and password upon login, the SMS verification page is displayed. The login succeeds only after you pass the SMS verification.

Privacy statement

Privacy statement configured for an MSP administrator. When the system administrator creates an MSP administrator, the system administrator needs to enter user information such as the email address and mobile number, and creates a privacy statement for the user to sign. The privacy statement notifies the user that the information has been obtained and asks for the user's authorization. For details, see Managing Privacy Statements.

Administrator Information

Account

Account used by an MSP administrator to log in to iMaster NCE-Campus. The account must be in the format of an email address, for example, xxx@xxx.com. You are advised to ask for an account from the MSP or apply for a valid email address and assign this email address to the MSP administrator.

Password create mode

Mode in which a password is created. The options are Manual and Email.

Password

Initial password used by an MSP administrator to log in to iMaster NCE-Campus for the first time. The initial password must be changed upon the first login.

By default, a password can contain 10 to 128 uppercase and lowercase letters, digits, and special characters, but cannot contain the account name or its reverse. At most two consecutive repeats are allowed for a character in the password.

Confirm password

Confirm password, which must be identical to that of Password.

Email

Email address used for password retrieval, message pushing, and other purposes. The email address must be valid.

Mobile number

Used for two-factor authentication.

NOTE:

This parameter is configurable only when the authentication mode is set to Username/Password + SMS verification code.

Area

Country or area to which an MSP administrator belongs.

Managing Licenses

Generally, a license file is encrypted using the equipment serial number (ESN) as the key. You can apply for a new license from the license management server through the Huawei technical support system.

Table 5-4 License mode

License Mode

License Redistribution

Application Scenario

Role

Operation

Global permanent

Not supported

On-premises scenario

System administrator

Import license files of iMaster NCE-Campus and iMaster NCE-CampusInsight.

MSP administrator

View the license information.

Tenant administrator

View the license information.

Global subscription

Disabled

MSP-owned cloud scenario (MSP administrators do not need to centrally manage licenses.)

System administrator
  1. Select Global Subscription License and set License Redistribution to No upon the first login to iMaster NCE-Campus.
  2. Import license files of iMaster NCE-Campus and iMaster NCE-CampusInsight.

MSP administrator

N/A

Tenant administrator

N/A

Enabled

MSP-owned cloud scenario (MSP administrators need to centrally manage licenses.)

System administrator
  1. Select Global Subscription License and set License Redistribution to Yes upon the first login to iMaster NCE-Campus.
  2. Import license files of iMaster NCE-Campus and iMaster NCE-CampusInsight.
  3. Configure license packages of iMaster NCE-Campus and iMaster NCE-CampusInsight, and allocate them to MSP administrators.

MSP administrator

Distribute licenses to tenant administrators.

Tenant administrator

View the license information.

Tenant subscription

Disabled

Huawei public cloud Scenario (MSP administrators do not need to centrally manage tenant licenses.)

System administrator

Disable the license split function when creating an MSP administrator.

MSP administrator

Apply for license activation codes from the Electronic Software Delivery Platform (ESDP).

Tenant administrator

Purchase license activation codes from MSPs, and import the codes to iMaster NCE-Campus and iMaster NCE-CampusInsight.

Enabled

Huawei public cloud Scenario (MSP administrators need to centrally manage tenant licenses.)

System administrator

Enable the license split function when creating an MSP administrator.

MSP administrator

Apply for license activation codes from the ESDP, and import the codes to iMaster NCE-Campus and iMaster NCE-CampusInsight.

Tenant administrator

View the license information.

Obtaining License Files

Context

For commercial deployment with a contract, license files are generated based on the order. Onsite engineers obtain the licenses that are bound to ESNs, download the licenses, and load them on the system.

For a remote disaster recovery system. You only need to apply a license for the active iMaster NCE-WAN cluster. After the DR configuration is complete, the system automatically synchronizes the license to the standby iMaster NCE-WAN cluster.

Prerequisites

  • You have obtained the authorization ID (LAC code), activation code, or project contract number.
  • You have obtained the ESDP permission.

    ESDP defines five roles: guest, carrier GTS, enterprise GTS, TAC, and channel. The following table describes the permissions and license application methods of the five roles:

    Role

    Permission

    License Application Method

    Guest

    Can only download and activate commercial licenses by using authorization passwords.
    • An end user can obtain the guest permission on the license website after applying for a Uniportal account on Huawei website.
    • A Huawei employee can obtain the guest permission when accessing the license website through a W3 account.

    Carrier GTS

    Can perform the following operations on all commercial licenses and temporary licenses: activation and downloading, ESN change, and maintenance.

    A Huawei employee can submit a carrier GTS application form on the license website.

    Enterprise GTS

    A Huawei employee can submit an enterprise GTS application form on the license website.

    TAC

    A Huawei employee can submit a TAC application form on the license website.

    Channel

    Can download, activate, and maintain all commercial licenses in the contracts and apply for temporary licenses.

    The administrator of a certified channel needs to log in to the user management system of Huawei enterprise BG to apply for enhanced permission of license website for the employees of the channel.

Procedure

  1. Choose System > Administrator > License Management on the home page.
  2. Click Obtain ESN to obtain the ESN.

  3. Log in to the Huawei ESDP (https://app.huawei.com/sdp/portal.html) and choose License Activation > Entitlement Activation to access the License Activation page.
  4. On the page, search activation IDs based on the entitlement ID and select the desired ID.

  5. Click Next and enter the ESN of the desired server.

  6. Click Next and then Activate License.

  7. Click Download to download the license file.

Managing Licenses (Global Perpetual Mode)

Context

A permanent license defines the number of devices that can be added in a resource item. For example, if the resource item of AR100 series devices is 100, iMaster NCE-Campus allows to add a maximum of 100 AR100 series devices. If there are more than 100 devices, the excess AR100 series devices cannot be added to iMaster NCE-Campus.

In enterprise-built private cloud scenarios, the system administrator directly imports global permanent license files when constructing the cloud management platform. Tenants do not need to purchase the license activation code from the MSP.

Global permanent mode + SnS fee:
  • Coding mode: 8803 or 8806
  • Within the validity period, Huawei provides the maintenance service. After the validity period ends, the services of iMaster NCE-Campus are still available, but Huawei no longer offers the maintenance service.

    Example: SnS is a maintenance service, which is irrelevant to whether the license can be used. For example, after you purchase a computer, you can use it for life, while the warranty period of the computer's main board is only one year. The computer is equivalent to a permanent license, while the warranty period of the main board is equivalent to the SnS.

The system administrator can manage global permanent licenses only when the system administrator logs in to iMaster NCE-Campus for the first time and sets the license mode to Global Permanent Mode.

Prerequisites

The iMaster NCE-CampusInsight license file has been imported to iMaster NCE-Campus. Before interconnecting iMaster NCE-Campus to iMaster NCE-CampusInsight, you need to synchronize the iMaster NCE-CampusInsight license to iMaster NCE-Campus. For details, see Configuring Interconnection with iMaster NCE-CampusInsight.

Procedure

  1. Choose System > Administrator > License Management on the home page.
  2. To load a license file, click Upload License.

    In the Select License File dialog box, select the obtained license file. License files of iMaster NCE-Campus and iMaster NCE-CampusInsight can be uploaded. If iMaster NCE-Campus is interconnected with iMaster NCE-CampusInsight, you can upload the iMaster NCE-CampusInsight license through iMaster NCE-Campus.

    If the license fails to be loaded, the possible reasons are as follows:

    • The license file signature is incorrect.
    • The license file is tampered with.
    • The license file type is incorrect.
    • The license file size exceeds 50 KB.
    • The license is invalid or has expired.

    If the preceding errors occur, contact technical support engineers.

  3. Click OK. The license file is loaded successfully. Click to view the detailed information about the loaded license file.

    • After a license is loaded successfully, you can view the software ID for SnS charging and authentication.
    • License expiration time recorded in the license file: indicates the expiration time of the license on iMaster NCE-Campus. After the license expires, it will become unavailable, for example, devices can no longer be managed by iMaster NCE-Campus.
    • License SnS expiration time recorded in the license file: indicates the expiration time of SnS (maintenance service and remote technical support). After SnS expires, Huawei stops providing maintenance services and remote technical support.

  4. Click the License Information tab to view the license information.

    • Select NCE-Campus from the Product name drop-down list to view the detailed information about controller licenses.

    • Select CampusInsight from the Product name drop-down list to view the detailed information about iMaster NCE-CampusInsight licenses.

Follow-up Procedure

  • Revoking a license

    When replacing the iMaster NCE-Campus server, you can revoke the license to ensure that the license can still be used on the new server.

    Click Revoke License to revoke the commercial license on the old iMaster NCE-Campus server. A revocation code is generated. You can use the revocation code and the ESN of the new iMaster NCE-Campus server to apply for a new commercial license on ESDP. Then, all resources in the revoked license are available for use.

    After you click in the Operation column for the desired license file, the commercial license enters the grace period which lasts two months. If you do not load a new license before the grace period ends, the license is automatically disabled and all devices are forced offline.

  • Removing a license

    After you click in the Operation column for the desired license file, iMaster NCE-Campus enters a license-unloaded state.

    Only when no tenant under the system administrator has devices, you can remove the license.

Managing Licenses (Global Subscription Mode + License Redistribution Disabled)

Context

Global subscription license:
  • Coding mode: 8806
  • License consumption by time: After a license expires, iMaster NCE-Campus stops the license services.
  • License form: Number of devices x Number of available days
  • Example: The concept of subscription is similar to that of a monthly package. A customer purchases a 10 device-day license for the 8-port S5700-LI series switch. If there is one such switch, 10 days can be used; if there are two such switches, 5 days can be used, and so on. The total number of device-days of the license must be 10.
  • Deduction time: The system deducts and settles license resources at 02:00 every day.
  • Application scenario: MSP-built public cloud

For licenses that cannot be redistributed: The system administrator directly imports license files, and tenants do not need to purchase the license activation code from the MSP.

The system administrator can manage and redistribute global subscription licenses only after logging in to iMaster NCE-Campus for the first time and setting the license mode to Global Subscription Mode. If Global Subscription Mode is selected, set License Redistribution to No.

Procedure

  1. Choose System > Administrator > License Management on the home page.
  2. Click Upload License and load the license. If iMaster NCE-Campus interconnects with iMaster NCE-CampusInsight, you need to import the license files of both iMaster NCE-Campus and iMaster NCE-CampusInsight.

    In the Select License File dialog box, select the obtained license and click OK.

    If the license fails to be loaded, the possible causes are as follows:

    • The license file signature is incorrect.
    • The license file is tampered with.
    • The license file type is incorrect.
    • The license file size exceeds 50 KB.
    • The license is invalid or has expired.

    If the preceding errors occur, contact technical support personnel.

  3. Query license information.

    • Check the license resources.

      Statistics on the total license consumption can be collected by resource item.

    • Check the daily consumption of license resources.

      The daily consumption of license resources can be queried by date.

    • View the license import record. Click to view the detailed information about a license file.

      After a license is loaded successfully, you can view the software ID for SnS charging and authentication.

Follow-up Procedure

  • Recalculate the expiration time.

    Click Recalculate Expiration Time to set resource items with different expiration time to the same expiration time for easy management. This operation is irreversible.

    The function of recalculating the expiration time can be used to integrate resources. For example, there are three types of license resource items, including AR100 series: 10 device-days with 5 yuan per device-day; AR1200 series: 20 device-days with 10 yuan per device-day; and indoor AP series: 20 device-days with 20 yuan per device-day. Assume that iMaster NCE-Campus manages 5 AR100 series devices and 10 AR1200 series devices. You can click Recalculate Expiration Time to integrate license resources. The formulas are as follows: 10 x 5 + 20 x 10 + 20 x 20 = 650, 5 x 5 + 10 x 10 = 125 (consumption of all devices in a day), 650/125 = 5 R 25 (remainder 25). Then the license resources of the AR100 and AR1200 series devices will expire in five days. The remaining 25 yuan will be added to the new license resource pool to be integrated in the next calculation.

    This function enables resource allocation to be more flexible. Expired resources can be integrated so that they can be used normally.

  • Click Expiration Notification, enable Receive expiration notification, and configure the email addresses of recipients. Notification emails will be sent to the specified email addresses when a license is about to expire.
    • The system administrator must configure an email server before enabling Receive expiration notification. Otherwise, Receive expiration notification cannot be enabled. For details, see Configuring an Email Server.
    • A maximum of five email addresses can be configured. Email addresses need to be separated with line breaks.
    • If a license resource item is about to expire in less than 30 days, the system will send notification emails at 02:25 every day.
    • If license expiration notification is configured, the license expiration email is sent only to the email addresses specified in Notified object. In this case, you are advised to specify the email address of the tenant administrator in Notified object.

  • Export or send a license usage report.
    • Export the license usage report. Click Export, and select CSV or HTML. The license usage report is exported into a CSV or HTML file.

    • Configure the system to send the license usage report immediately. Click Send Email, and select Immediately. On the Send Immediately page that is displayed, click Add, configure the email address to which the report needs to be sent, select the report format (CSV or HTML), and click . Set the fiscal year and date, and click OK. The license usage report is converted into an HTML or a CSV file and sent to the specified email address.

      The sent report records the license usage data of last calendar month. For example, if you configure the system to send the license usage report in July, the report recording the license usage data of June is sent.

      Before enabling Receive expiration notification, configure an email server. For details, see Configuring an Email Server.

    • Configure the system to send the license usage report periodically. Click Send Email and select Periodically. On the Send Periodically page that is displayed, set Export enabling to , specify the report name as well as the fiscal year and date, and click Add. Configure the email address to which the report needs to be sent, select the report format (CSV or HTML), and click . Select the report sending time, and click OK. The license usage report is converted into an HTML or a CSV file and sent to the specified email address.

Managing Licenses (Global Subscription Mode+License Redistribution Enabled)

Context

Global subscription license:
  • Coding mode: 8806
  • License consumption by time: After a license expires, iMaster NCE-Campus stops the license services.
  • License form: Number of devices x Number of available days
  • Example: The concept of subscription is similar to that of a monthly package. A customer purchases a 10 device-day license for the 8-port S5700-LI series switch. If there is one such switch, 10 days can be used; if there are two such switches, 5 days can be used, and so on. The total number of device-days of the license must be 10.
  • Deduction time: The system deducts and settles license resources at 02:00 every day.
  • Application scenario: MSP-built public cloud

For licenses that can be redistributed: The system administrator can redistribute a license to an MSP administrator in package mode, and then the MSP administrator allocates license resources to tenants for refined license management.

The system administrator can manage and redistribute global subscription licenses only after logging in to iMaster NCE-Campus for the first time and setting the license mode to Global Subscription Mode. If Global Subscription Mode is selected, set License Redistribution to Yes.

By default, the system grants a one-year license resource for iMaster NCE-Campus and a 30,000 device-day subscription license resource. You need to purchase new license resources before the license expires to prevent service interruption.

Procedure

  1. Import the license file.

    1. Choose System > Administrator > License Management on the home page.
    2. Click Upload License and load the license. If iMaster NCE-Campus interconnects with iMaster NCE-CampusInsight, you need to import the license files of both iMaster NCE-Campus and iMaster NCE-CampusInsight.

      In the Select License File dialog box, select the obtained license and click OK.

      If the license fails to be loaded, the possible causes are as follows:

      • The license file signature is incorrect.
      • The license file is tampered with.
      • The license file type is incorrect.
      • The license file size exceeds 50 KB.
      • The license is invalid or has expired.

      If the preceding errors occur, contact technical support personnel.

    3. Query license information.
      • Check the license resource control.

        Statistics on the total license consumption can be collected by resource item.

      • Check the daily consumption of license resources.

        The daily consumption of license resources can be queried by date.

      • View the license import record. Click to view the detailed information about a license file.

        After a license is loaded successfully, you can view the software ID for SnS charging and authentication.

  2. Configure a license package.

    Click the License Package tab, click Create, select the device series contained in the license package, and click Apply.

    If iMaster NCE-Campus interconnects with iMaster NCE-CampusInsight, you need to configure license packages of both iMaster NCE-Campus and iMaster NCE-CampusInsight.

  3. Allocate the package to the MSP.

    1. Click the MSP License tab. Click on the left of the MSP administrator to view the license status and resource consumption of the MSP.

    2. Click Create, click in the Package Name column to select a license package, and click OK.

    3. Configure the number of license resources (unit: device x day) and then click . The license package is allocated to the MSP.

    4. (Optional) Click to freeze the license package. The frozen license package cannot be redistributed or used. Click to change the number of resources in the license package. Click to delete an allocated package.

      Freezing or deleting a license package will cause the related devices to go offline. Therefore, exercise caution when performing these operations.

    5. (Optional) Click Disable Strategy and set Unified deactivation time and Longest Arrears (days) of the license package.

      The license will be deactivated either at the deactivation time set in Disable Strategy or the actual expiration time of the license, whichever is earlier.

  4. Log in to iMaster NCE-Campus as an MSP and allocate license resources to tenants. For details, see Activating and Allocating Licenses (Global Subscription Mode + Enable License Redistribution).

Follow-up Procedure

Click Recalculate Expiration Time to set resource items with different expiration time to the same expiration time for easy management. This operation is irreversible.

The function of recalculating the expiration time can be used to integrate resources. For example, there are three types of license resource items, including AR100 series: 10 device-days with 5 yuan per device-day; AR1200 series: 20 device-days with 10 yuan per device-day; and indoor AP series: 20 device-days with 20 yuan per device-day. Assume that iMaster NCE-Campus manages 5 AR100 series devices and 10 AR1200 series devices. You can click Recalculate Expiration Time to integrate license resources. The formulas are as follows: 10 x 5 + 20 x 10 + 20 x 20 = 650, 5 x 5 + 10 x 10 = 125 (consumption of all devices in a day), 650/125 = 5 R 25 (remainder 25). Then the license resources of the AR100 and AR1200 series devices will expire in five days. The remaining 25 yuan will be added to the new license resource pool to be integrated in the next calculation.

This function enables resource allocation to be more flexible. Expired resources can be integrated so that they can be used normally.

Supplementary Tasks

The set of supplementary tasks include the configuration tasks that the system administrator may perform.

Managing the Device Whitelist

Context

Using the device whitelist function, you can control devices that can register with iMaster NCE-Campus based on the device ESNs.

After this function is enabled, devices whose ESNs are not in the whitelist are regarded as unauthorized devices.

  • A tenant administrator can only add devices whose ESNs are in the whitelist to iMaster NCE-Campus.
  • Unauthorized devices that have been added to iMaster NCE-Campus before the device whitelist function is enabled cannot go online after they go offline.

Procedure

  1. Choose System > System Management > Device Whitelist from the main menu.
  2. Switch on Enable device whitelist.

  3. Add device ESNs to the device whitelist.

    • Batch import device ESNs

      Click Import. In the dialog box that is displayed, download the Excel template, enter device ESNs in the template, and import the template as prompted.

    • Add device ESNs one by one

      Click Create. In the dialog box that is displayed, click Add and add device ESNs one by one.

You can click Export to export information about all unauthorized devices currently deployed on the network to a CSV file.

Configuring a Map URL

After the locations of sites are marked on the map, iMaster NCE-Campus can display monitoring data of each site on the map. iMaster NCE-Campus supports Amap and Google Maps. Purchase the license, obtain the API address from the map service provider, and perform the following operations.

Prerequisites

You have purchased related services from the map service provider and obtained the API address and key of the map. For details about how to apply for a key value, see Google Maps Key Application Procedure.

Procedure

  1. Choose System > System Management > Third-Party Service, and click the Map URL Settings tab.
  2. Click Edit corresponding to the map, enter values of API address and Key, and select Instructions for Use.

  3. Click OK.

Google Maps Key Application Procedure

  1. Access the Google Maps official website at https://developers.google.com/maps/documentation/javascript/get-api-key.
  2. Register a Google account and log in.
  3. Create a Google Maps project.

    1. Choose Set up in Cloud Console from the navigation pane. Under Creating a project, click Create new project.

    2. Enter project information and click CREATE to create a project.

  4. Apply for an API key.

    1. Choose Set up in Cloud Console from the navigation pane. Under Enabling APIs, click Enable the Maps JavaScript API.

    2. Select the created project and click ENABLE to enable the Maps JavaScript API function.

    3. On the Credentials tab page, click CREATE CREDENTIALS and click API key.

    4. Obtain the API key.

  5. (Optional) Remove the Google Maps watermark.

    There is a watermark on Google Maps by default. You need to pay fees if you want to remove the watermark from the map.

    1. Choose Set up in Cloud Console from the navigation pane. Under Creating budgets and setting alerts, click Go to the Billing page.

    2. Click ADD BILLING ACCOUNT.
    3. Enter personal information.

    4. Click START MY FREE TRIAL.

Parameter Description

Table 5-5 Map URL

Parameter

Description

API address

Map URL.

  • Google Maps URL: https://maps.googleapis.com/maps/api/js
  • Amap URL: https://webapi.amap.com/maps?v=1.4.0

Key

Key applied for from the map service provider.

Configuring the Registration Center

Context

  • In HUAWEI public cloud scenarios, a unique domain name is provided for southbound cloud managed devices to go online. Cloud managed devices are configured with a unique domain name before delivery so that they can implement plug and play.
  • In MSP-owned cloud scenarios, iMaster NCE-Campus can connect to Huawei registration center. A unique domain name is provided for southbound cloud managed devices to go online. Cloud managed devices are configured with a unique domain name before delivery so that they can implement plug and play.
  • In on-premises scenarios, no unified IP address or domain name can be provided for southbound cloud managed devices. Therefore, the default IP address of iMaster NCE-Campus must be manually changed on the cloud managed devices.

The registration center connects to iMaster NCE-Campus in the northbound direction and uses a unique southbound IP address to connect to cloud managed devices in the southbound direction. To synchronize device data from the registration center, an administrator can configure interconnection between iMaster NCE-Campus and the registration center. Preset with the domain name of the registration center, cloud managed devices can obtain the IP address of iMaster NCE-Campus from the registration center and then send registration requests to iMaster NCE-Campus, implementing device plug-and-play.

Procedure

  1. Contact technical support engineers to obtain the account, password, and trust certificate of the registration center.
  2. (Optional) Log in to iMaster NCE-Campus as a system administrator. Choose System > System Management > Certificate Management
  3. Choose Service Certificate Management from the navigation pane. On the Services page, click RegisterCenter.
  4. Click the Trust Certificate tab, click Import, enter information about the certificate file to upload, select the desired certificate file of the registration center, and click Submit to upload the certificate file to iMaster NCE-Campus.

    By default, iMaster NCE-Campus has a built-in certificate for interworking with the registration center. If the certificate of the registration center is changed, you need to obtain a new certificate and update the old one.

    According to standards, the trust certificate of the registration center named as RegisterCenterTrust.cer. If the obtained trust certificate does not have a standard name, modify the name manually before you upload it.

  5. Choose System > System Management > Third-Party Service. In the Registration Query Center Settings tab, enter the address, user name, and password of the registration center. Select the certificate file, and click Apply.

    The address of the registration center is register.naas.huawei.com.

    • If the authentication is successful, the system displays the Configuration successful message.
    • If the user name or password is incorrect, the system displays the Incorrect user name or password message. Check whether the user name and password are correct.
    • If the network is abnormal, the system displays the Network exception. Please check the network message. Check the network connection.

Configuring an Email Server

Context

If iMaster NCE-Campus needs to send emails to users, you need to configure an email server first.

iMaster NCE-Campus needs to send emails in the following scenarios:

  • If the system administrator, MSP administrator, or tenant administrator forgets the password, iMaster NCE-Campus sends a reset password to the administrator through an email.
  • After the system administrator performs alarm settings on iMaster NCE-Campus, iMaster NCE-Campus sends emails to notify users of reported alarms.
  • When the system administrator deletes ESNs or devices, a notification email is sent to the tenant administrator if needed.
  • If the tenant administrator wants to use the email-based deployment function, iMaster NCE-Campus needs to send deployment emails to related personnel.
  • iMaster NCE-Campus sends a notification email to a tenant if a tenant license is about to expire.
  • When portal authentication is configured for guest access, you need to set the approver notification mode or guest notification mode to email notification.

Procedure

  1. Upload an email server certificate.

    1. Contact the SMS server provider to obtain a certificate file.
    2. Choose System > System Management > Certificate Management from the main menu.
    3. Choose Service Certificate Management from the navigation pane. On the Services page, click CampusBaseServiceServerConfigMoudle.
    4. Click the Trust Certificate tab and click Import. On the displayed page, enter the certificate information, select the desired email server certificate, and click Submit to upload the certificate to iMaster NCE-Campus.

  2. Choose System > System Management > Third-Party Service. Click the Email Server tab.
  3. Set parameters for connecting to the email server.

    If the email server uses a third-party CA certificate, you are advised to disable Validate server certificate.

  4. Click Test to verify the email sending function.

    • If the message "The test succeeds" is displayed and the mailbox receives the test email, the configuration is successful. Click Save.
    • If the message "The test succeeds" is displayed but the mailbox does not receive the test email, check whether the email function of the SMTP server is normal.
    • If the message "Failed to connect to the email server" is displayed, check whether the above parameters are correctly configured.
      • Affected by the network quality and performance of the SMTP server, the time of receiving emails will be delayed within two minutes.
      • Some SMTP providers set the right control for third-party application access. If the test fails, check whether the function of controlling third-party application access is enabled on the SMTP server and set password to the authentication password of the SMTP server.
      • Limited by security policies of email service providers, administrators may fail to receive emails in some scenarios. If no email is received, log in to the email service website or contact the email service provider to check whether the email is returned or other exceptions occur. Alternatively, replace the email server and try again.

Parameter Description

Table 5-6 Parameters on the Email Server tab page

Parameter

Description

SMTP address

SMTP address of the mailbox from which emails are sent. The address must be an IP address or in the smtp.mail.com format.

NOTE:

SMTP is short for Simple Mail Transfer Protocol. SMTP is mainly used to transfer system emails and provide email notifications.

Port

Port number of the SMTP service provided by the email server. You can obtain the port number from the email service provider. By default, the port number is 25.

Secure connection

Whether secure connection is enabled.

Encryption connection type

Protocol for establishing an encrypted communication link between iMaster NCE-Campus and the SMTP server. This parameter is available only when Secure connection is selected.

NOTE:

Secure protocol TLSv1.2 is recommended. TLSv1.0 and TLSv1.1 are insecure protocols; therefore, exercise caution when using them.

Validate server certificate

For security purposes, select Secure connection and Validate server certificate. Select certificate.

Certificate File

Certificate file of the email server. This certificate ensures communication security between iMaster NCE-Campus and the email server.

Authentication

Whether to enable the email account and password authentication.

Account

The two parameters are valid only when Authentication is selected.

User name and password for logging in to the SMTP server.

Password

Sender Email

Sender email address, which must have been registered on the email server. During the email test, this address is used as a recipient email address. After the connectivity test is successfully performed and the configurations are saved, this address is used as the sender email address.

Customized email subject

Email subject. An administrator can customize the prefix and suffix of the email subject. When an email is sent, the prefix and suffix are automatically added before and after the email subject.

Customized email signature

Email signature. An administrator can customize the email signature, and the signature is automatically attached to emails.

Configuring an SMS Server

Context

If SMS authentication needs to be used, configure an SMS server. Administrators can configure an SMS server template in which an SMS gateway is specified. The SMS function is implemented after account information is configured in the SMS server template.

By default, the system is pre-configured with the following SMS server connection parameters:

  • fungo: http://qxt.fungo.cn/Recv_center. This is the SMS platform of fungo.cn (Beijing, China).
  • twilio: https://api.twilio.com:8443/2010-04-01/Accounts/{USERNAME}/Messages.json. To use this SMS server, access www.twilio.com and apply for an account.

Procedure

  1. Import an SMS server certificate.

    1. Contact the SMS server provider to obtain a certificate file.
    2. Choose System > System Management > Certificate Management from the main menu, and click the Trusted Certificate tab.
    3. Choose Service Certificate Management from the navigation pane. On the Services page, click CampusBaseServiceServerConfigMoudle.
    4. Click the Trust Certificate tab and click Import. On the displayed page, enter the certificate information, select the desired SMS server certificate, and click Submit to upload the certificate to iMaster NCE-Campus.

  2. Configure an SMS server template.

    1. Choose System > System Management > Third-Party Service from the main menu. Click the SMS Platform tab.
    2. Click Create and create an SMS server template.
      • To configure an HTTP SMS server template, set SMS Service type to HTTP SMS Service.

        • Each host of iMaster NCE-Campus must be able to ping the SMS server address specified by URL address successfully.
        • If a domain name is used as the SMS server address, the domain name must be resolved correctly by each host of iMaster NCE-Campus. This domain name can be resolved into the corresponding public IP address by a DNS server. Alternatively, the mapping between the domain name and public IP address can be added to the /etc/hosts file on each host.
      • To configure an SMPP SMS server template, set SMS Service type to SMPP SMS Service.

        The SMPP SMS server IP address must be a private IP address.

        • Class A private IP address range: 10.0.0.0 to 10.255.255.255.
        • Class B private IP address range: 172.16.0.0 to 172.31.255.255.
        • Class C private IP address range: 192.168.0.0 to 192.168.255.255.

    3. Click Apply.

  • Configure the SMS server.
    1. Choose System > System Management > Third-Party Service from the main menu. Click the SMS Server tab.
    2. Select an SMS Platform, and configure the related data.

      HTTPS is recommended because it is more secure than HTTP.

      • Set SMS Service type to HTTP SMS Service and select fungo from the SMS platform drop-down list box.

      • Set SMS Service type to HTTP SMS Service and select twilio from the SMS platform drop-down list box.

      • Set SMS Service type to SMPP SMS Service and select the created SMS template from the SMS platform drop-down list box.

    3. Click Test to verify validity of the SMS message sending function.
      • If the test succeeds, the message "The test succeeds" is displayed, and you can receive the test SMS message from iMaster NCE-Campus.
      • If the test fails, the message "Failed to test the SMS serve" is displayed. Perform operations according to the scenarios:
        • If an error code is displayed in the dialog box, check the product documentation of the SMS service provider for the cause of the error, and obtain the troubleshooting method.
        • If no error code is displayed in the dialog box, contact the system administrator to check the URL specified in the SMS server template to see whether the SMS server is reachable.
    4. After the test is successful, click Save.

Parameter Description

Table 5-7 HTTP SMS platform

Parameter

Description

Template name

Name of a template for configuring the SMS format and content.

Sending mode
Sending mode:
  • POST
  • GET

Ensure that the message sending mode is the same as that of the SMS gateway.

Coding format

Coding format supported by the SMS gateway:

  • UTF-8: All languages are supported.
  • GBK: Only Chinese is supported, including the simplified Chinese and traditional Chinese.
  • TIS-620: Only Thai is supported.

URL address

Address of the SMS gateway.

TLS version

TLS version. This parameter is available only when HTTPS is selected. The value must be the same as the TLS protocol version of the SMS gateway.

Host address

This parameter corresponds to the HOST field in an HTTP request. If this parameter is left empty, the URL is used by default.

Request parameters

iMaster NCE-Campus transfers attributes to a third-party SMS gateway, so that the SMS sending function can be implemented.

The value is in the format of Attribute name = Attribute value.

  • Attribute name: defined by the SMS server. Use the actual attribute name.
  • Attribute value: defined by iMaster NCE-Campus. iMaster NCE-Campus supports static and dynamic parameters.

Static parameters are known parameters, for example, the user name used by iMaster NCE-Campus to communicate with the SMS server.

Dynamic parameters are unknown parameters, for example, the phone number of the SMS message recipient.

Among the attributes, {USERNAME} indicates the user name, {PASSWORD} indicates the password, {TELEPHONENUMBER} indicates the phone number, {FROMNUMBER} indicates the initiating number, and {MSGCONTENT} indicates the SMS message content.

For example, assume that an SMS server provider provides the following attribute names:

CpName: user name

CpPassword: password

DesMobile: phone number

FromMobile: initiating number

Content: SMS message content

Assume that the service provider provides the following attributes: {USERNAME}, {PASSWORD}, {FROMNUMBER}, {TELEPHONENUMBER}, and {MSGCONTENT}. The attribute settings are as follows:

CpName = {USERNAME}

CpPassword = {PASSWORD}

DesMobile = {TELEPHONENUMBER}

FromMobile = {FROMNUMBER}

Content = {MSGCONTENT}

Parameter Position

Position where parameters are concatenated in an HTTP request.

  • query: The parameters are concatenated to a URL.
  • body: The parameters are concatenated to a request body.

Body Format

Body format. This parameter corresponds to the content-type field in an HTTP request.

Authenticate Type

Authentication mode. This parameter corresponds to the Authorization field in an HTTP request.

Success Flag

Part or all of the strings in the success return code designed on the SMS gateway. The success flag is used to inform iMaster NCE-Campus whether the SMS message is successfully sent.
Table 5-8 SMPP SMS platform

Parameter

Description

Coding format

Coding format supported by the SMS gateway:

  • UTF-8: All languages are supported.
  • GBK: Only Chinese is supported, including the simplified Chinese and traditional Chinese.

Template name

Name of the SMS server template configured by the system administrator. The template is used to specify an SMS gateway.

SMS Service IP

IP address and port number of the SMPP SMS server.

Port

Source number encoding scheme

Encoding scheme of the SMS message sender's number. Contact the SMS service provider to obtain this scheme.

Source number type

Type of the SMS message sender's number. Contact the SMS service provider to obtain this type.

Destination number encoding scheme

Encoding scheme of the SMS message receiver's number. Contact the SMS service provider to obtain this scheme.

Destination number type

Type of the SMS message receiver's number. Contact the SMS service provider to obtain this type.
Table 5-9 HTTP SMS server

Parameter

Description

SMS platform

SMS template. Administrators can configure an SMS server template to specify an SMS gateway.

By default, the following SMS server connection parameters are pre-configured on iMaster NCE-Campus:

  • fungo: http://qxt.fungo.cn/Recv_center. This is the SMS platform of fungo.cn (Beijing, China).
  • twilio: https://api.twilio.com:8443/2010-04-01/Accounts/{USERNAME}/Messages.json. To use the SMS service provided by twilio, access www.twilio.com and apply for an account.

To use the SMS service provided by another carrier, you can create an SMS platform template as needed.

Account

Account obtained during SMS service application.

Token

Password obtained during SMS service application.

NOTE:

For system and user security purposes, it is recommended that the password provided by a third party meet the complexity requirements.

SMS message signature

Signature of SMS messages.

Send number

Number obtained from the SMS service provider, used to check whether the number for sending SMS messages is correct. This parameter is configurable only when the twilio template is selected.

Inheritance

When this function is enabled and neither the MSP administrator nor the tenant administrator configures an SMS server, the SMS server configured by the system administrator is used. When this function is disabled, MSPs and tenants cannot use the SMS server configured by the system administrator.

Test number

Number for sending a test SMS message. The value can be any available mobile number.

Test SMS message

Content in a test SMS message.
Table 5-10 SMPP SMS server

Parameter

Description

SMS platform

SMS platform template. Administrators can configure an SMS platform template to specify an SMS gateway.

System id

SMS server ID obtained during SMS service application.

Password

Password obtained during SMS service application.

Source number

Number obtained from the SMS service provider, used to check whether the number for sending SMS messages is correct.

Inheritance

When this function is enabled and neither the MSP administrator nor the tenant administrator configures an SMS server, the SMS server configured by the system administrator is used. When this function is disabled, MSPs and tenants cannot use the SMS server configured by the system administrator.

Test number

Number for sending a test SMS message. The value can be any available mobile number.

Test SMS message

Content in a test SMS message.

Configuring Interconnection with a Syslog Server

Importing the Syslog Server Trust Certificate

Context

This certificate is used for syslog server authentication when iMaster NCE-Campus functions as the client to securely communicate with the remote syslog server.

Procedure
  1. Choose System > System Management > Certificate Management from the main menu.
  2. Choose Service Certificate Management from the navigation pane. On the Services page, click NorthboundCommunicationService-Syslog.
  3. Click the Trust Certificate tab and click Import. On the displayed page, enter the certificate information, select the desired syslog server certificate, and click Submit to upload the certificate to iMaster NCE-Campus.

    For security purposes and to prevent certificate expiration, you are advised to update certificates periodically (for example, every three months).

Configuring Syslog

Context

To use the syslog server or the syslog service module of the NMS to receive and manage logs and alarms, you need to configure the syslog server and iMaster NCE-Campus.

Logs and alarms can be displayed and queried on or exported from iMaster NCE-Campus. iMaster NCE-Campus can also report logs and alarms to the syslog server or the syslog service module of the NMS using syslog messages. The syslog server manages logs and alarms. iMaster NCE-Campus reports logs and alarms to the syslog server using UDP (less secure) or TLS (secure).

Logs that can be reported to a syslog server include run logs, operation logs, and security logs, and alarms that can be reported to a syslog server include cluster alarms and device disconnection alarms. You can customize alarm information reported to a syslog server using syslog messages.

Procedure
  1. Choose System > System Management > Third-Party Service from the main menu, and click the Syslog Configuration tab.
  2. On the Interconnection Management page, click Add, and specify interconnection parameters based on the data plan.

  3. Select the types of logs to be reported.

  4. Add alarms to the Subscribed Alarm List area based on the alarm severity and alarm ID.

    1. Enable the alarm reporting function.

    2. Select the alarms to be reported.
      • Select alarms by severity.

      • Select alarms by feature.

  5. Click Test on the bottom of the page.

    A test is required only when TLS is selected. If UDP is selected, the Test button is unavailable. Skip this step and click Apply.

    • If the message "Test successfully" is displayed, the syslog configuration succeeds. Click Apply.
    • If the message "Test failed" is displayed, the parameters or certificates are incorrect. In this case, check the parameter values configured on and certificates imported to the northbound application and iMaster NCE-Campus. If the parameters and certificates are incorrect, modify them, and then click Test again.

Parameter Description
Table 5-11 Parameters on the Syslog Configuration tab page

Parameter

Description

IP address type/domain name

IP address type or domain name of the syslog server.

IP address/Domain name

IP address or domain name of the syslog server, which can be obtained from the primary syslog server.

Port

Port number of the syslog server, which is the same as the port number in udp(ip()port()) or tcp(ip()port()) in the Source field in the Syslog.conf file of the primary syslog server.

Enable reporting

Whether to report the syslog service configuration. The IP address or domain name and port number of the syslog server can be configured only when this parameter is selected.

Communication protocol

If TLS is configured on the syslog server, enable this parameter. If UDP is configured on the syslog server, disable this parameter.

Before enabling this parameter, ensure that the syslog server supports TLS.

Syslog protocol

Protocol for reporting syslog messages. The options are RFC 5424 and RFC 3164.

Encoding format

UTF-8 or GBK.

Select the type of logs to be reported

Select the type of logs to be reported.

Alarm report

Whether to report alarms to the syslog server. You can select the alarms to be reported or the type of the alarms to be reported.
Logs Reported by Devices
Table 5-12 Logs reported by devices

Log Type

Parameter

Description

Security log, Operation log

operatorTime

Time when the log is reported.

account

Account which reports the log.

clientIP

IP address of the device that reports the log.

tenant

Name of the tenant to which the device that reports the log belongs.

tenantID

ID of the tenant to which the device that reports the log belongs.

operation

Operation that generates the log.

operatorObj

Operation object.

operatorResult

Operation result.

level

Log level.

detail

Log details.

type

Log type.

Run log

operatorTime

Time when the log is reported.

hostName

Host that reports the log.

moduleName

Module that reports the log.

level

Log level.

detail

Log details.

type

Log type.

Configuring Two-Factor Authentication

Two-factor authentication (2FA) is a security check process. It strengthens security by requiring two identity credentials to verify user identity before granting access to the system. 2FA secures user logins from attackers exploiting weak or stolen passwords. In addition, login notifications can also warn users of unauthorized access to their accounts.

iMaster NCE-Campus supports two-factor authentication based on username and password authentication and SMS authentication.

Context

To configure SMS authentication, you need to perform the following operations:
  1. Set a mobile number. After logging in to iMaster NCE-Campus, you can associate a mobile number with your account. After you enter a mobile number, iMaster NCE-Campus checks whether the format of the mobile number meets the requirements (a string of 1 to 20 digits) and whether the mobile number can be associated with the current account. Only a mobile number that has no account associated supports account association. If the mobile number meets the preceding requirements, you can apply for a verification code. The mobile number can be changed after being set.
  2. Enable SMS authentication upon login. After setting the mobile number, you can enable SMS authentication upon login to implement two-factor authentication upon login. Before enabling SMS authentication upon login, ensure that a mobile number has been associated with your account.

After you click to obtain an SMS verification code, no SMS message may be received due to poor network signals or mobile phone issues. In this case, you can obtain a new verification code one minute later. The validity period of a verification code is five minutes. You will be locked for 10 minutes if you apply for another verification code before the current verification code expires and fail to be authenticated after applying for a verification code for more than five consecutive times.

Prerequisites

iMaster NCE-Campus has connected to an SMS gateway.

Procedure

  1. Choose System > System Management > Account Information from the main menu, and click Basic Information.
  2. Click to the right of Mobile number. In the displayed window, complete the verification as prompted to bind the current account to the specified mobile number.

  3. Click Modify next to SMS verification upon login. In the displayed window, enable SMS verification upon login and complete the verification using the SMS verification code.

Verification

After configuring SMS authentication, perform the following operations to check whether the configuration is successful.

  1. Log out and log in to iMaster NCE-Campus again. After the user name and password are verified successfully, the Login Verification page is displayed.
  2. Click Obtain Verification Code. After receiving an SMS verification code, enter it and click Confirm. If you log in to iMaster NCE-Campus successfully, the configuration is successful.

Translation
简体中文
Download
Updated: 2021-04-29

Document ID: EDOC1100141248

Views: 125336

Downloads: 509

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Digital Signature File

Digital Signature Authentication Mode
Share
Previous Next

Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.

You are going to visit :