Huawei Agile Controller

Huawei Agile Controller - Huawei - Building A Better … · 2014-06-11


Product Overview

Agile Controller is the latest user-centric, application-based automatic network resource control system developed by Huawei. This system is positioned as the "Smart Brain" of an Agile network. Inspired by the idea of centralization in Software-Defined Networking (SDN), the Agile Controller dynamically adjusts network and security resources across the entire Agile network, enabling networks to be more agile for services.

[Figure: Agile Controller overview. Labels: WAN/Internet; Agile Controller; Data Center (Email, ERP, and codes); HQ access: R&D, sales, and visitor; Branch access: R&D, sales, and visitor; Internet: R&D and sales; Policy delivery; Service flow; Policy execution point.]

Product Features

Redefines Networks By Concentrating on Service and Experience

Shifting the focus from technologies, devices, and connectivity to users, services, and experiences, the Agile Controller provides a 5W1H-based policy matrix featuring scenario awareness, implementing a consistent experience over the entire network. A user can enjoy the same experience on the Agile network anywhere, regardless of access location or terminal device.

Big Data Analytics-based Full-Scale Security Collaboration

Shifting from single-point security protection to full-scale security collaboration over the entire network and leveraging Big Data analytics, the Agile Controller detects security threats from a holistic perspective of the entire network in order to assist users in quickly identifying network risks, and proactively implements defense solutions.


Centralized Control and Flexible Adjustment of Resources of the Entire Network

Shifting from static and manual network configuration to dynamic and automatic network deployment, the Agile Controller controls resources on the entire network in a centralized manner and can flexibly adjust network resources based on services. For example, the Agile Controller can establish a temporary group, guarantee a high-quality experience for VIP users, identify high-risk assets, and deploy stricter security policies.

Product Openness

The Agile Controller connects to existing devices and service systems through multiple interface modes such as Web Service API, SQL, and Syslog, implementing system integration while improving new service provisioning efficiency and overall network operation and maintenance (O&M)

Core Functionalities

• Provides a unified policy engine and executes a unified access policy across an entire organization, implementing authentication and authorization based on users, access time, access locations, device types, device resources, and access modes (5W1H).

• Provides full-life-cycle guest management, supports personalized Portal login interfaces, and pushes personalized webpages based on terminal IP address range and location, improving the enterprise's brand presence and reducing IT O&M pressure.

• Provides rights planning modes for the policy matrix and implements automatic deployment and state monitoring on the network based on 5W1H policy control, ensuring consistent policies and allowing users to enjoy a consistent service experience with the freedom to move as they please.

• Provides user group-based QoS policy planning. When network resources are limited, VIP user experience is guaranteed as their data is preferentially forwarded.

• Provides service orchestration capabilities, virtualizes security devices into a security resource center, and diverts user traffic to the security resource center for processing, improving security resource efficiency and enhancing the security protection capabilities of the entire network.


• Leverages Big Data analytics, collects and performs an association analysis on security events from across the entire network, displays the security states of the entire network, provides a security association function, aids users in quickly identifying network risks, and proactively executing security and defense solutions.

Operating Environment

| Configuration Requirement | Service Management Server (SM & SC) | Security Collaboration Server (SV & iRadar) |
|---|---|---|
| CPU | 2 x hexa-core 2 GHz | 2 x hexa-core 2 GHz |
| Memory | 16 GB | 32 GB to 64 GB |
| Storage | 600 GB | 4 T or more |

Note: The service management servers (SM & SC) are used to run access control, guest management, ubiquitous service, and service orchestration functions while the security collaboration servers (SV & iRadar) are used to run the security collaboration function.

Networking

The Agile Controller has no special networking requirements. It works properly as long as the physical server on which it runs is reachable. The Agile Controller is usually deployed in the data center zone.

[Figure: Networking diagram. Labels: AP, LSW, L2 SW, AR, NGFW/SVN, Server, NMS, Agile Controller, Agile core, Agile aggregation, Converged access, Campus egress, Branch network, Internet access, WAN/Internet, Data Center.]


List of Specifications

| Function | Specifications |
|---|---|
| User authentication | Based on the system's built-in account authentication |
| | Microsoft Windows Active Directory (AD) authentication |
| | Third-party LDAP association authentication |
| | Mobile certificate authentication |
| | Anonymous authentication: Administrators can open anonymous authentication in specified network zones. If terminal users select the anonymous authentication mode, they do not need to enter a password. |
| Policy engine | Supports rule-based, multi-dimensional authentication policies; supports authorization of different policies based on different department identities, device types, access time, and access modes. Pushes different web authentication pages to accommodate different conditions (including terminal access locations, device types, and wireless access SSIDs). |
| Network Admission Control (NAC) | Compliance check: Includes security evaluation and system configuration. |
| | Limits access to protected resources for terminals that do not meet compliance requirements. |
| | Automatically isolates terminals that do not meet compliance requirements. |
| | Troubleshoots terminal faults in a one-click manner. |
| | Authorizes access range based on users and prohibits unauthorized access. |
| Guest access management | Guest account creation and self-registration |
| | Guest account notification (through webs, emails, or SMS messages) |
| | APIs for guest account addition, deletion, and modification |
| | User-defined registration and authentication pages |
| Smart terminal identification | Supports PCs, smart terminals (mobile phones and tablet PCs), IP phones, and network printers. |
| | Supports a variety of operating systems (OSs) including Windows, Linux, Mac OS, Android, iOS, and Windows Phone. |
| | Supports device identification in multiple modes (SNMP, User-Agent, DHCP, and MAC OUI). |
| Ubiquitous service | Unified policy configuration and management |
| | Inter-user group policy elements and authorization rule configuration |
| | Matrix policy template configuration |
| | Deploys a user group policy matrix on the entire network. |
| | Automatically deploys policies for newly added devices. |
| | Monitors policy states on the entire network. |
| | Guarantees a high-quality access experience for VIP users. |
| Service orchestration | Service orchestration resource management |
| | Service flow definition |
| | Service chain orchestration |
| | Service chain state monitoring |
| Security collaboration | Collects security logs and supports Huawei and third-party standard interfaces, including Syslog, SNMP, FTP/SFTP, OPSEC, and ODBC interfaces. |
| | Association analysis of security events: Presets association policies in the system and supports user-defined association analysis rules. |
| | Security event association: Notifies administrators of new security events by sending alarms through emails or SMS messages. |
| | Security state display: Includes security states on the entire network, Top N highly risky assets, and security threat degree on the entire network. |
| Operable and maintainable report | Presets commonly used report templates and trend reports, for example, a sign-in activity report. |
| | Supports user-defined reports or obtaining reports from the security resource center. |
| System management | System running state monitoring: If the server fails, the system will send server alarms through various means including dialog box pop-ups and email. |
| | Diagnoses client faults online and handles client faults in a centralized manner. |
| | Remote data backup |
| Networking mode | Centralized networking: applicable to networking environments where the number of terminals is relatively small with clearly defined network layers. |
| | Distributed networking: applicable to networking environments where multiple branches exist or the number of terminals is fairly large. |


Ordering Information

| Description | Quantity | Remarks |
|---|---|---|
| 1.1 Software | | |
| Agile Controller's access control feature | 1 | Optional. Provides the user access control function. |
| License based on the number of Agile Controller's access control terminals | Stair-based | Divided into multiple stairs: 200, 500, 1000, 2000, 5000, 10,000, and 50,000. |
| Agile Controller's guest management feature | 1 | Optional. Provides the full-life-cycle guest management function. |
| License based on the number of Agile Controller's guest management accounts | Stair-based | Divided into multiple stairs: 200, 500, 1000, 2000, 5000, 10,000, and 50,000. |
| Agile Controller's ubiquitous service feature | 1 | Optional. Provides the user group-based policy matrix and QoS policy deployment function. |
| Agile Controller's service orchestration feature | 1 | Optional. Provides the function of diverting user traffic to the security resource center for processing. |
| Agile Controller's security collaboration feature | 1 | Optional. Provides the functions of security event collection, association analysis, and security state display on the entire network. |
| License based on the number of Agile Controller's security collaboration events | Stair-based | Divided into multiple stairs: 500 events per second (EPS), 1000 EPS, 2500 EPS, and 5000 EPS. |
| 1.2 Centralized hardware deployment (number of users ≤ 10,000; number of logs ≤ 2500 EPS) | | |
| Service management (SM&SC) all-in-one device | 1 | Optional (number of users ≤ 10,000) |
| Security collaboration (SV&iRadar) all-in-one device | 1 | Optional (number of logs ≤ 2500 EPS) |
| 1.3 Distributed hardware deployment (number of users > 10,000; number of logs > 2500 EPS) | | |
| SM server | Unlimited | Service manager, which manages each SC, sends real-time instructions to connected nodes, and completes various services |
| SC server | | Service controller, which completes user authentication, security policy delivery, and data reporting |
| Database server | | Database servers can be independently deployed for redundancy backup. |
| SV server | Unlimited | Security View manages security states, displays the association analysis results of iRadar, and evaluates the security state of the entire network. |
| iRadar server | | Log collection and association analysis server |
| iRadar-CA server | | When the number of association rules on the iRadar server is greater than 15, it is recommended to configure one association analyzer. |
| iRadar-CM server | | When the number of branch nodes is less than 2000, an iRadar-CM log collector can be deployed. When the number of EPS is greater than 2000, it is recommended to deploy an iRadar server. |
| S2600T disk array | | External disk array, which is configured when the SV and iRadar select High Availability (HA) redundancy backup. |

More Information

For more information about Huawei Agile Controller, please visit: http://enterprise.huawei.com.


Copyright © Huawei Technologies Co., Ltd. 2014. All rights reserved.

Trademark Notice

, HUAWEI, and are trademarks or registered trademarks of Huawei Technologies Co., Ltd. Other trademarks, product, service and company names mentioned are the property of their respective owners.

General Disclaimer

The information in this document may contain predictive statements including, without limitation, statements regarding the future financial and operating results, future product portfolio, new technology, etc. There are a number of factors that could cause actual results and developments to differ materially from those expressed or implied in the predictive statements. Therefore, such information is provided for reference purpose only and constitutes neither an offer nor an acceptance. Huawei may change the information at any time without notice.

No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd.