Huawei CloudCampus: high cloud service infrastructure
The farther, the more difficult the interaction processes and the composition of the components become, even in small information networks. Changing in line with digital transformation, the business is experiencing needs that it had not had a few years ago. Let's say the need to manage not only how groups of working machines function, but also the connection of IoT elements, mobile devices, as well as corporate services, which are also more and more. The need for a platform on which it would be convenient to deploy smart service-oriented networks has prompted Huawei to launch CloudCampus. Today - about what this decision is, to whom and how it is beneficial.
Often companies - especially those in which the business has a large share of digital - quickly come across the fact that they have little standard organized local area network. They need, for example:
If without preludes, then for all this, as well as for various other tasks, we created CloudCampus. Cloud technologies at its core are used for the design, deployment, use and support of campus-type networks - with full-service cloud management. By the way, unlike other comparable solutions for organizing such networks, CloudCampus allows management from the Russian cloud.
For businesses, especially small and medium-sized companies, one of the main advantages of CloudCampus is a clear plan to expand the network and increase its functionality. Finally, the financial model by which the operation of such an MSP infrastructure is paid is pay-as-you-grow. It allows you to spend the budget strictly on the capacities and capabilities that the organization needs at the moment.
Today, 1,500 companies from the SMB segment operate on the basis of Huawei CloudCampus. Let’s now briefly talk about how CloudCampus works.
First things first about the overall structure of the campus network created by our model. Three layers stand out inside it. At the top, application-level protocols tied to business applications operate. For example, in the school network - on eSchoolbag, an intelligent environment for monitoring learning processes. Through various Open APIs, it interfaces with the control layer - intermediate, where two large technological Trump CloudCampus cards lie. Namely, Agile Controller and CampusInsight solutions.
The Agile Controller engine is the basis for building software-defined distributed networks (SD-WAN), with isolated virtual environments. It also automates network deployment and policy setting. While CampusInsight is a comprehensive, dynamically expanding platform for monitoring wireless networks, made according to the microservice architecture and simplifying their operation and maintenance. Not least - with the help of visual data visualization tools (more on that later).
The "additional" level of infrastructure built on the SaaS model is controlled through the cloud of the MSP provider. Being flexibly scalable, the cloud platform at the heart of such a campus network is capable of serving up to 200 thousand connected devices - approximately ten times more than a standard network.
Below is the network layer. In turn, he is also two-part. Its foundation is (a) network technologies and the equipment using them, over which virtual networks operate (b).
In an infrastructure built on the CloudCampus model, network devices — routers, switches, firewalls, access points, and wireless network controllers — are controlled through NETCONF mechanisms.
From the hardware point of view, the “backbone” of campus networks is the basic switches of the CloudEngine line, and first of all, the Huawei CloudEngine S12700E with a huge switching capacity of 57.6 Tbit / s. In addition, it has an outstanding port density of 100GE (up to 24) and the maximum possible speed range of physical ports per slot per slot. With this equipment, one “engine” pulls up to 10 thousand wireless access points and up to 50 thousand users at once.
The Solar chipset (Huawei's own development) with embedded AI algorithms makes it possible to gradually and holistically upgrade the campus infrastructure - from a standard architecture to a more modern one, based on the concept of service-oriented networks.
Due to the open architecture and intelligent chipset with extensive reprogramming capabilities, the latest CloudEngine switches support the creation of virtual extended private networks (VxLAN), service control via NETCONF / YANG protocol, as well as real-time telemetric control over all devices connected to them.
Ultimately, the CloudEngine S12700E hardware and software filling helps establish ultra-fast network switching with non-blocking data transfer, negligible lag and zero packet loss risk (thanks to Data Center Bridging technology). At the same time, the solution provides a seamless transition from on-premises to cloud-based management of network devices.
One of the most important features of the next-generation campus network is the convergence of wired and wireless networks. Moreover, their management is unified.
When deploying Wi-Fi 6 networks based on the 5G protocol, the S12700E switch serves as a terabit controller and provides synergy between the wired and wireless network.
An important feature of CloudCampus is to adhere to a common wired and wireless network security policy based on the interaction matrix.
The product line of CloudEngine switches and related network solutions makes it possible to build a solid “foundation” for an arbitrarily large local network or infrastructure with geographically distributed offices.
The benefits of CloudCampus are not limited to the technological characteristics of the network itself. Another, at least equally important, is the intelligent, largely automated infrastructure management and monitoring. He is “smart” because he relies on artificial intelligence and big data analysis.
It is noteworthy that for the sake of the effective operation of the predictive analytics system of failures in CloudCampus, a long accumulation of data is not required. Pre-trained machine learning models are built into the platform, and working on a “living” infrastructure only enriches them, increasing accuracy. As a result, up to 85% of troubles can be predicted and prevented. In many cases, the response speed to an incident is reduced to a few minutes - against hours or even days in "old-mode" networks.
As a result, the platform allows integration with a wide range of external management and authentication systems, and is also compatible with numerous industry standards (and non-standard protocols, too).
CloudCampus has hierarchical security protection and access control. Work with access and service policies in the solution is unified. For authentication, the protocols 802.1x, AAA, and TACACS are used, plus authentication of rights by MAC address and through the online panel is possible.
The cloud-controlled network itself operates on the Huawei Cloud, whose cybersecurity, as one of our main “digital assets”, is maintained at a high level. The security of information transfer to CloudCampus is also implemented at the protocol level: authentication data is transmitted over HTTP 2.0, and configuration data is transmitted over NETCONF. Local transfer of user data and access control through a single cloud platform also prevent incidents. Well, the certificate of Huawei CA Advanced Encryption guarantees the cryptographic stability of the transmitted information.
User security is achieved, in particular, using reliable - and numerous - authentication methods (not only through a corporate portal or MAC address, but also, for example, via SMS or through an account on a social network). And the next-generation firewall, NGFW, provides a mechanism for in-depth packet analysis and protects working machines on the network and other devices connected to it, including from digital threats that have not yet been studied.
Due to its flexibility and scalability, CloudCampus is suitable for building digital infrastructure in companies of various sizes. First of all, however, it is designed for small and medium-sized businesses, retailers and educational institutions (although it can be used in enterprise), and its advantages are most fully revealed when it begins to make life easier for people with minimal or medium experience in network technologies .
As far as financial viability is concerned, the infrastructure built around CloudCampus makes it possible to reduce CAPEX and partially transfer them to OPEX. At the same time, CloudCampus also helps reduce operational costs, for example, associated with the management of the campus network - in some cases by 80%.
Sharpened by the creation of isolated networks, CloudCampus with its multi-client management architecture is particularly effective in two scenarios.
CloudCampus is developing towards a single umbrella solution. The emphasis on “smart O&M” will remain in it, but the course on its integration with other Huawei services, including SD-Sec, CloudInsight and SD-WAN, will also strengthen. All so that the evolution of the campus network is smooth, fruitful and meets the current needs of the business. We will certainly cover the most significant innovations in the platform in a blog on Habré.
What does business need
Often companies - especially those in which the business has a large share of digital - quickly come across the fact that they have little standard organized local area network. They need, for example:
- infrastructure suitable for the interaction of devices, people, things and entire environments;
- the use of wired and wireless networks as a whole;
- extremely simplified network management without loss of functionality;
- creation of isolated virtual networks;
- the ability to smoothly expand the capabilities of the network.
If without preludes, then for all this, as well as for various other tasks, we created CloudCampus. Cloud technologies at its core are used for the design, deployment, use and support of campus-type networks - with full-service cloud management. By the way, unlike other comparable solutions for organizing such networks, CloudCampus allows management from the Russian cloud.
For businesses, especially small and medium-sized companies, one of the main advantages of CloudCampus is a clear plan to expand the network and increase its functionality. Finally, the financial model by which the operation of such an MSP infrastructure is paid is pay-as-you-grow. It allows you to spend the budget strictly on the capacities and capabilities that the organization needs at the moment.
Today, 1,500 companies from the SMB segment operate on the basis of Huawei CloudCampus. Let’s now briefly talk about how CloudCampus works.
What we “settled” in CloudCampus
First things first about the overall structure of the campus network created by our model. Three layers stand out inside it. At the top, application-level protocols tied to business applications operate. For example, in the school network - on eSchoolbag, an intelligent environment for monitoring learning processes. Through various Open APIs, it interfaces with the control layer - intermediate, where two large technological Trump CloudCampus cards lie. Namely, Agile Controller and CampusInsight solutions.
The Agile Controller engine is the basis for building software-defined distributed networks (SD-WAN), with isolated virtual environments. It also automates network deployment and policy setting. While CampusInsight is a comprehensive, dynamically expanding platform for monitoring wireless networks, made according to the microservice architecture and simplifying their operation and maintenance. Not least - with the help of visual data visualization tools (more on that later).
The "additional" level of infrastructure built on the SaaS model is controlled through the cloud of the MSP provider. Being flexibly scalable, the cloud platform at the heart of such a campus network is capable of serving up to 200 thousand connected devices - approximately ten times more than a standard network.
Below is the network layer. In turn, he is also two-part. Its foundation is (a) network technologies and the equipment using them, over which virtual networks operate (b).
In an infrastructure built on the CloudCampus model, network devices — routers, switches, firewalls, access points, and wireless network controllers — are controlled through NETCONF mechanisms.
From the hardware point of view, the “backbone” of campus networks is the basic switches of the CloudEngine line, and first of all, the Huawei CloudEngine S12700E with a huge switching capacity of 57.6 Tbit / s. In addition, it has an outstanding port density of 100GE (up to 24) and the maximum possible speed range of physical ports per slot per slot. With this equipment, one “engine” pulls up to 10 thousand wireless access points and up to 50 thousand users at once.
The Solar chipset (Huawei's own development) with embedded AI algorithms makes it possible to gradually and holistically upgrade the campus infrastructure - from a standard architecture to a more modern one, based on the concept of service-oriented networks.
Due to the open architecture and intelligent chipset with extensive reprogramming capabilities, the latest CloudEngine switches support the creation of virtual extended private networks (VxLAN), service control via NETCONF / YANG protocol, as well as real-time telemetric control over all devices connected to them.
Ultimately, the CloudEngine S12700E hardware and software filling helps establish ultra-fast network switching with non-blocking data transfer, negligible lag and zero packet loss risk (thanks to Data Center Bridging technology). At the same time, the solution provides a seamless transition from on-premises to cloud-based management of network devices.
One of the most important features of the next-generation campus network is the convergence of wired and wireless networks. Moreover, their management is unified.
When deploying Wi-Fi 6 networks based on the 5G protocol, the S12700E switch serves as a terabit controller and provides synergy between the wired and wireless network.
An important feature of CloudCampus is to adhere to a common wired and wireless network security policy based on the interaction matrix.
The product line of CloudEngine switches and related network solutions makes it possible to build a solid “foundation” for an arbitrarily large local network or infrastructure with geographically distributed offices.
Who is the Dean on Campus
The benefits of CloudCampus are not limited to the technological characteristics of the network itself. Another, at least equally important, is the intelligent, largely automated infrastructure management and monitoring. He is “smart” because he relies on artificial intelligence and big data analysis.
- Automated management. CloudCampus has a single infrastructure management center. Through it, the deployment of WLAN, LAN and WAN networks and control over them is organized. Moreover, all procedures are accessible through graphical interfaces, so there is no urgent need to use the command line.
- Intelligent operation of infrastructure. The O&M system in CloudCampus makes it possible to monitor how the network is used "here and now" and what it faces: from the functioning of the main infrastructure components and individual applications to monitoring the behavior of users and user groups. And not only keep abreast, but also receive forecasts on possible malfunctions and emergency situations. For clarity of analysis, both visualization on a geographic map using the GIS service and the actual topography of the infrastructure are used. There is also a consolidated dashboard that allows you to evaluate the current status and historical data for any devices on the campus network in a single interface.
It is noteworthy that for the sake of the effective operation of the predictive analytics system of failures in CloudCampus, a long accumulation of data is not required. Pre-trained machine learning models are built into the platform, and working on a “living” infrastructure only enriches them, increasing accuracy. As a result, up to 85% of troubles can be predicted and prevented. In many cases, the response speed to an incident is reduced to a few minutes - against hours or even days in "old-mode" networks.
- Full openness. Among Huawei’s primary goals are to keep CloudCampus architecturally open and provide seamless improvements to customer’s infrastructure. Why we tested the platform for compatibility with more than 800 models of network devices from major international vendors. In total, 26 international laboratories were created, where together with dozens of partners we test CloudCampus in terms of compatibility with third-party protocols, security models, online services, hardware solutions, software, etc.
As a result, the platform allows integration with a wide range of external management and authentication systems, and is also compatible with numerous industry standards (and non-standard protocols, too).
How protected is CloudCampus
CloudCampus has hierarchical security protection and access control. Work with access and service policies in the solution is unified. For authentication, the protocols 802.1x, AAA, and TACACS are used, plus authentication of rights by MAC address and through the online panel is possible.
The cloud-controlled network itself operates on the Huawei Cloud, whose cybersecurity, as one of our main “digital assets”, is maintained at a high level. The security of information transfer to CloudCampus is also implemented at the protocol level: authentication data is transmitted over HTTP 2.0, and configuration data is transmitted over NETCONF. Local transfer of user data and access control through a single cloud platform also prevent incidents. Well, the certificate of Huawei CA Advanced Encryption guarantees the cryptographic stability of the transmitted information.
User security is achieved, in particular, using reliable - and numerous - authentication methods (not only through a corporate portal or MAC address, but also, for example, via SMS or through an account on a social network). And the next-generation firewall, NGFW, provides a mechanism for in-depth packet analysis and protects working machines on the network and other devices connected to it, including from digital threats that have not yet been studied.
Who will benefit most from the decision
Due to its flexibility and scalability, CloudCampus is suitable for building digital infrastructure in companies of various sizes. First of all, however, it is designed for small and medium-sized businesses, retailers and educational institutions (although it can be used in enterprise), and its advantages are most fully revealed when it begins to make life easier for people with minimal or medium experience in network technologies .
As far as financial viability is concerned, the infrastructure built around CloudCampus makes it possible to reduce CAPEX and partially transfer them to OPEX. At the same time, CloudCampus also helps reduce operational costs, for example, associated with the management of the campus network - in some cases by 80%.
Sharpened by the creation of isolated networks, CloudCampus with its multi-client management architecture is particularly effective in two scenarios.
- Several organizations are concentrated in one campus, each with its own device, its administrators, its own politicians. Then CloudCampus operates according to the classic MSP model: one cloud provider for a certain number of tenants (tenants of the cloud network infrastructure).
- The organization is one, but the realities of its activities are such that they require the creation of various technological subnets, user segmentation, the deployment of individual functional subsystems (for example, video surveillance), the connection of WLAN / LAN with IIoT infrastructure, etc.
What will happen with CloudCampus next
CloudCampus is developing towards a single umbrella solution. The emphasis on “smart O&M” will remain in it, but the course on its integration with other Huawei services, including SD-Sec, CloudInsight and SD-WAN, will also strengthen. All so that the evolution of the campus network is smooth, fruitful and meets the current needs of the business. We will certainly cover the most significant innovations in the platform in a blog on Habré.
All Articles