The farther, the more complex the interaction processes and the composition of components become even in small information networks. Changing in line with digital transformation, businesses are experiencing needs that they did not have even a few years ago. For example, the need to manage not only how groups of work machines function, but also the connection of IoT elements, mobile devices, as well as corporate services, which are also increasing in number. The need for a platform on which it would be convenient to deploy "smart" service-oriented networks prompted Huawei to launch CloudCampus. Today - about what kind of decision it is, who and how it benefits.
What the business needs
Often companies, especially those with a large share of digital in their business, quickly find that a standard organized local network is not enough for them. They need, for example:
- an infrastructure suitable for the interaction of devices, people, things and entire environments;
- use of wired and wireless networks as a whole;
- extremely simplified network management without loss of functionality;
- creation of isolated virtual networks;
- the ability to smoothly expand network capabilities.
If without preludes, then for all this, as well as for various other tasks, we created CloudCampus. Cloud technologies at its core are used to design, deploy, use and support campus-type networks - with full-cycle cloud management. By the way, unlike other comparable solutions for organizing such networks, CloudCampus allows management from the Russian cloud.
For businesses, especially small and medium-sized ones, among the main advantages of CloudCampus is the presence of a clear plan for expanding the network and increasing its functionality. Finally, the financial model that pays for the operation of such an MSP infrastructure is pay-as-you-grow. It allows you to spend the budget strictly on the capacities and capabilities that the organization needs at the moment.
Today, 1,5 thousand companies from the SMB segment work on the basis of Huawei CloudCampus. Let's now briefly talk about how CloudCampus works.
What we "settled" in CloudCampus
First of all, about the general structure of the campus-type network created according to our model. It has three layers inside. At the top, there are application layer protocols tied to business applications. For example, in the school network - on eSchoolbag, an intelligent environment for monitoring educational processes. Through various Open APIs, it docks with the management layer - an intermediate one, where two large technological trump cards of CloudCampus lie. Namely, Agile Controller and CampusInsight solutions.
The Agile Controller engine is the basis for building software-defined distributed networks (SD-WAN), with isolated virtual environments. It also automates network deployment and policy enforcement. Whereas is a comprehensive, dynamically expanding platform for monitoring wireless networks, made according to microservice architecture and simplifying their operation and maintenance. Last but not least, with the help of visual data visualization tools (more on that later).
The "additional" level of infrastructure, built according to the SaaS model, is controlled through the MSP provider's cloud. With flexible scalability, the cloud platform at the heart of such a campus network is capable of serving up to 200 connected devices—approximately ten times more than a standard network.
Below is the network layer. In turn, it is also two-part. Its foundation is (a) network technologies and the equipment that uses them, on the basis of which (b) virtual networks function.
In an infrastructure built on the CloudCampus model, network devices - routers, switches, firewalls, access points, wireless network controllers - are managed through NETCONF mechanisms.
From a hardware point of view, the “backbone” of campus networks is the basic switches of the CloudEngine line, and first of all, the Huawei CloudEngine S12700E with a huge switching capacity of 57,6 Tbps. In addition, it has an outstanding port density of 100GE (up to 24) and the highest possible range of physical port speeds per slot at the moment. With such equipment, one "engin" pulls out at once up to 10 thousand wireless access points and up to 50 thousand users.
The Solar chipset (Huawei's own development) with embedded AI algorithms enables the gradual and holistic modernization of the campus infrastructure - from a standard architecture to a more modern one based on the concept of service-oriented networks.
With an open architecture and a highly reprogrammable intelligent chipset, the latest CloudEngine switches support virtual extended private networks (VxLAN), NETCONF/YANG service management, and real-time telemetry control of all devices connected to them.
Ultimately, the CloudEngine S12700E firmware helps to establish ultra-fast network switching with non-blocking data transfer, negligible lag and the risk of packet loss reduced to zero (thanks to Data Center Bridging technology). At the same time, the solution provides a seamless transition from local to cloud management of network devices.
One of the most important features of the next generation campus network is the convergence of wired and wireless networks. Moreover, their management is unified.
When deploying Wi-Fi 6 networks based on the 5G protocol, the S12700E switch serves as a terabit controller and provides synergy between wired and wireless networks.
An important function of CloudCampus is to maintain a common security policy for a wired and wireless network through an interaction matrix.
The CloudEngine product line of switches and related networking solutions provides the ability to build a solid "foundation" for any large local area network or infrastructure with geographically distributed offices.
Who's on campus "dean"
The benefits of CloudCampus are not limited to the technological characteristics of the network itself. Another, at least equally important, is intelligent, largely automated infrastructure management and monitoring. It is “smart” because it relies on artificial intelligence and big data analysis.
- Automated control. CloudCampus has a single infrastructure control center. Through it, the deployment of WLAN, LAN and WAN networks and control over them is organized. Moreover, all procedures are available through graphical interfaces, so there is no urgent need to use the command line.
- Intelligent operation of infrastructure. The CloudCampus O&M system gives you the ability to monitor how the network is being used "here and now" and what threatens it: from the functioning of the main infrastructure components and individual applications to monitoring the behavior of users and groups of users. And not only keep abreast, but also receive forecasts for possible malfunctions and emergency situations. For clarity of analysis, both visualization on a geographical map, using a GIS service, and the topography of the infrastructure itself are used. There is also a summary dashboard that allows you to evaluate the current status and historical data for any devices in the campus network in a single interface.
It is noteworthy that for the effective operation of the system of predictive analytics of faults in CloudCampus, long-term accumulation of data is not required. Pre-trained machine learning models are built into the platform, and working on a “live” infrastructure only enriches them, increasing accuracy. As a result, up to 85% of troubles can be predicted and prevented. In many cases, the response time to an incident is reduced to a few minutes - versus hours or even days in "old-mode" networks.
- Full openness. Among Huawei's main goals is to ensure that CloudCampus remains architecturally open and enables seamless improvement of customer infrastructure. Why we checked the platform for compatibility with more than 800 models of network devices from major international vendors. In total, 26 international laboratories have been created, where we, together with dozens of partners, are testing CloudCampus in terms of with third-party protocols, security models, online services, hardware solutions, software, etc.
As a result, the platform allows integration with a wide range of external management and authentication systems, and is also compatible with numerous industry standards (and non-standard protocols too).
How CloudCampus is secured
CloudCampus has hierarchical security protection and access control. Work with access and service policies in the solution is unified. 802.1x, AAA and TACACS protocols are used for authentication, plus authentication of rights by MAC address and through the online panel is possible.
The cloud-managed network itself runs on Huawei Cloud, whose cybersecurity, as one of our main “digital assets”, is maintained at a high level. Information transfer security in CloudCampus is also implemented at the protocol level: authentication data is transmitted via HTTP 2.0, and configuration data is transmitted via NETCONF. Local transfer of user data and access control through a single cloud platform also prevent incidents. Well, the Huawei CA Advanced Encryption certificate guarantees the cryptographic strength of the transmitted information.
User security is achieved, in particular, with the help of reliable - and numerous - authentication methods (not only through the corporate portal or by MAC address, but also, for example, using SMS or through a social network account). A new generation firewall - NGFW - provides a mechanism for deep packet analysis and provides protection for working machines on the network and other devices connected to it, including from digital threats that have not yet been studied.
Who will benefit the most from the decision
Due to its flexibility and scalability, CloudCampus is suitable for building digital infrastructure in companies of various sizes. First of all, however, it is aimed at small and medium-sized businesses, retailers and educational institutions (although it will find application in the enterprise), and its benefits are most fully revealed when it starts to make life easier for people with minimal or average experience in networking technologies. .
As for financial feasibility, the infrastructure built around CloudCampus makes it possible to reduce CAPEX and partially transfer them to OPEX. At the same time, CloudCampus also helps to reduce operational costs, for example, those associated with campus network management - in some cases by 80%.
Tailored for building isolated networks, CloudCampus, with its multi-tenant management architecture, is particularly powerful in two scenarios.
- There are several organizations on one campus, each with its own device, its own administrators, its own politicians. Then CloudCampus functions according to the classic MSP model: one cloud provider for a certain number of tenants (tenants of the cloud network infrastructure).
- There is only one organization, but the realities of its activities are such that they require the creation of various technological subnets, user segmentation, the deployment of separate functional subsystems (for example, video surveillance), WLAN / LAN docking with IIoT infrastructure, etc.
What's next for CloudCampus
CloudCampus is evolving towards a single umbrella solution. The focus on "smart O&M" will remain, but the course of its integration with other Huawei services, including SD-Sec, CloudInsight and SD-WAN, will also intensify. Everything to ensure that the evolution of the campus network is smooth, fruitful and meets the current business needs. We will certainly cover the most significant innovations in the platform in a blog on Habré.
Source: habr.com